Custom Search

Wednesday, May 31, 2017

Botnet Statistics [2017-05-30]

detection period: 2017-05-30 00:00-23:59 UTC
total number of suspected botnet IPs: 544
number of botnet IPs notified to network operators: 503
number of spam blocked: 23680
recipient count of spam blocked: 111296

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UA-VOLIA-2006112457
2WASU52
3CHINANET-GD51
4CMNET48
5UNICOM-ZJ35
6UK-ABSTATION-2012071228
7VNPT-VNNIC-VN25
8EONIX-NET-173-44-128-0-1-BLK-417
9LADEDICATED213
10CC-1712

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China230
2United States87
3Ukraine60
4Viet Nam47
5United Kingdom28
6Japan10
7Taiwan7
8India5
9France5
10Bulgaria5

Suspected Bot List [2017-05-30]

detection period: 2017-05-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 41

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN45.124.145.118India
US24.42.239.106United States
UY167.57.0.129Uruguay

List from greylisting:

Tuesday, May 30, 2017

Botnet Statistics [2017-05-29]

detection period: 2017-05-29 00:00-23:59 UTC
total number of suspected botnet IPs: 297
number of botnet IPs notified to network operators: 242
number of spam blocked: 17262
recipient count of spam blocked: 58859

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD44
2HSI-425
3UA-VOLIA-2008040424
4VNPT-VNNIC-VN18
5HU-11215
6WORLDSTREAM10
7FPT-VN8
8WASU7
9HICHINA7
10HSI-36

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China86
2United States66
3Viet Nam35
4Ukraine29
5Netherlands11
6France11
7Taiwan7
8Japan7
9India6
10Thailand4

Suspected Bot List [2017-05-29]

detection period: 2017-05-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 55

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
FR87.98.243.48France
FR195.154.53.245France
IN45.124.145.118India

List from greylisting:

Monday, May 29, 2017

Botnet Statistics [2017-05-28]

detection period: 2017-05-28 00:00-23:59 UTC
total number of suspected botnet IPs: 295
number of botnet IPs notified to network operators: 281
number of spam blocked: 14384
recipient count of spam blocked: 134145

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD38
2MAROSNET-193-124-176-026
3UA-VOLIA-2006112425
4BAIDU-JP-NET17
5EONIX-NET-173-232-0-0-1-BLK-615
6LSN-DLLSTX-213
7VNPT-VNNIC-VN12
8FPT-VN6
9ALISOFT6
10AL-35

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China71
2United States50
3Russian Federation33
4Ukraine29
5Viet Nam28
6Japan20
7France9
8Greece6
9Taiwan4
10India4

Suspected Bot List [2017-05-28]

detection period: 2017-05-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ES83.46.126.238Spain
GR46.176.239.183Greece
GR89.210.21.28Greece
GR89.210.225.237Greece
GR141.255.30.119Greece
GR141.255.59.131Greece
GR141.255.122.249Greece
MN202.9.41.227Mongolia
PK39.42.30.30Pakistan
US24.42.239.106United States
US24.97.59.122United States

List from greylisting:

Sunday, May 28, 2017

Botnet Statistics [2017-05-27]

detection period: 2017-05-27 00:00-23:59 UTC
total number of suspected botnet IPs: 471
number of botnet IPs notified to network operators: 426
number of spam blocked: 35142
recipient count of spam blocked: 113168

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD60
2UA-VOLIA-2008040455
3VNPT-VNNIC-VN43
4UK-RAPIDSWITCH-2007041830
5HSI-322
6HINET-NET21
7FPT-VN16
8HINET13
9VIETEL-VN10
10HSI-410

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China100
2Viet Nam96
3Ukraine59
4United States58
5Taiwan36
6United Kingdom31
7India13
8France11
9Thailand6
10Romania5

Suspected Bot List [2017-05-27]

detection period: 2017-05-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 45

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US24.97.59.122United States
US24.231.215.254United States

List from greylisting:

Saturday, May 27, 2017

Botnet Statistics [2017-05-26]

detection period: 2017-05-26 00:00-23:59 UTC
total number of suspected botnet IPs: 685
number of botnet IPs notified to network operators: 641
number of spam blocked: 19642
recipient count of spam blocked: 39500

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ141
2CMNET66
3CHINANET-GD51
4WASU41
5VNPT-VNNIC-VN33
6HINET-NET32
7UA-VOLIA-2008040427
8CC-1719
9EONIX-NET-173-232-0-0-1-BLK-618
10HINET16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China337
2United States98
3Viet Nam51
4Taiwan49
5Ukraine28
6India25
7United Kingdom15
8Poland11
9Estonia10
10Brazil5

Suspected Bot List [2017-05-26]

detection period: 2017-05-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 44

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR186.38.87.100Argentina
AR186.38.87.102Argentina
AR186.56.32.169Argentina
AR200.49.2.123Argentina
IN27.251.2.234India
IN122.165.237.29India
IN122.168.194.53India
MX148.243.192.238Mexico
PK182.191.65.193Pakistan

List from greylisting:

Friday, May 26, 2017

Botnet Statistics [2017-05-25]

detection period: 2017-05-25 00:00-23:59 UTC
total number of suspected botnet IPs: 778
number of botnet IPs notified to network operators: 767
number of spam blocked: 27466
recipient count of spam blocked: 72539

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ169
2WASU128
3CMNET85
4CHINANET-GD44
5HOSTENGINE35
6UA-VOLIA-2008040429
7UA-VOLIA-2006112428
8MAROSNET-194-67-196-022
9HINET-NET17
10HINET14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China460
2United States72
3Ukraine72
4Taiwan32
5Russian Federation23
6Viet Nam14
7Turkey13
8Singapore13
9India8
10Italy6

Suspected Bot List [2017-05-25]

detection period: 2017-05-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CA69.58.106.210Canada
FR212.129.30.113France
IN27.251.2.234India
MX148.243.192.238Mexico

List from greylisting:

Thursday, May 25, 2017

Botnet Statistics [2017-05-24]

detection period: 2017-05-24 00:00-23:59 UTC
total number of suspected botnet IPs: 723
number of botnet IPs notified to network operators: 670
number of spam blocked: 59781
recipient count of spam blocked: 71939

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ158
2WASU97
3CMNET89
4CHINANET-GD46
5UA-VOLIA-2008040432
6UA-VOLIA-2006112431
7HSI-324
8EONIX-NET-173-232-0-0-1-BLK-617
9HU-11215
10LSN-DLLSTX-113

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China423
2United States136
3Ukraine63
4India19
5Viet Nam15
6Tunisia5
7South Korea5
8Iran5
9Russian Federation4
10Taiwan3

Suspected Bot List [2017-05-24]

detection period: 2017-05-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 53

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
FR185.81.157.58France
IN59.144.167.233India
KW37.34.243.227Kuwait

List from greylisting:

Wednesday, May 24, 2017

Botnet Statistics [2017-05-23]

detection period: 2017-05-23 00:00-23:59 UTC
total number of suspected botnet IPs: 798
number of botnet IPs notified to network operators: 778
number of spam blocked: 41734
recipient count of spam blocked: 42098

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ137
2WASU126
3CMNET114
4CHINANET-GD50
5UA-VOLIA-2008040429
6UA-VOLIA-2006112429
7EONIX-NET-173-44-128-0-1-BLK-429
8VNPT-VNNIC-VN16
9TZULO16
10HU-11216

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China465
2United States116
3Ukraine60
4Viet Nam38
5India22
6Poland14
7Russian Federation12
8Iran8
9Turkey6
10Italy5

Suspected Bot List [2017-05-23]

detection period: 2017-05-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, May 23, 2017

Botnet Statistics [2017-05-22]

detection period: 2017-05-22 00:00-23:59 UTC
total number of suspected botnet IPs: 330
number of botnet IPs notified to network operators: 326
number of spam blocked: 11243
recipient count of spam blocked: 11243

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ56
2WASU55
3CMNET54
4CHINANET-GD16
5UK-RAPIDSWITCH-2007041815
6RO-DATAROOM-2015061615
7LADEDICATED310
8LSN-DLLSTX-27
9EXMASTERS167
10Chinafic5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China224
2United States20
3Romania16
4United Kingdom15
5Russian Federation8
6Czech Republic8
7India4
8Viet Nam3
9South Korea3
10Thailand2

Suspected Bot List [2017-05-22]

detection period: 2017-05-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, May 19, 2017

Botnet Statistics [2017-05-18]

detection period: 2017-05-18 00:00-23:59 UTC
total number of suspected botnet IPs: 720
number of botnet IPs notified to network operators: 706
number of spam blocked: 49499
recipient count of spam blocked: 120617

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ122
2WASU112
3CMNET61
4UA-VOLIA-2006112429
5EONIX-NET-173-232-0-0-1-BLK-629
6VNPT-VNNIC-VN24
7LSN-DLLSTX-222
8DIMENOC20
9EXMASTERS1618
10CHINANET-GD18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China364
2United States123
3Viet Nam47
4Ukraine40
5Russian Federation18
6Czech Republic18
7Virgin (British) Islands16
8Poland14
9Japan6
10South Korea5

Suspected Bot List [2017-05-18]

detection period: 2017-05-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
PK182.191.65.193Pakistan

List from greylisting:

Thursday, May 18, 2017

Botnet Statistics [2017-05-17]

detection period: 2017-05-17 00:00-23:59 UTC
total number of suspected botnet IPs: 753
number of botnet IPs notified to network operators: 711
number of spam blocked: 58999
recipient count of spam blocked: 167614

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ134
2WASU123
3CMNET59
4UA-VOLIA-2008040429
5UA-VOLIA-2006112429
6abstation26
7VNPT-VNNIC-VN25
8CHINANET-GD22
9RO-DATAROOM-2015061616
10LEASEWEB14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China391
2United States74
3Ukraine61
4Viet Nam48
5United Kingdom27
6Romania16
7Japan15
8India15
9Netherlands14
10Italy7

Suspected Bot List [2017-05-17]

detection period: 2017-05-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 42

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, May 17, 2017

Botnet Statistics [2017-05-16]

detection period: 2017-05-16 00:00-23:59 UTC
total number of suspected botnet IPs: 893
number of botnet IPs notified to network operators: 840
number of spam blocked: 56850
recipient count of spam blocked: 115979

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU132
2CMNET95
3UNICOM-ZJ84
4CHINANET-JS38
5VNPT-VNNIC-VN37
6CHINANET-GD37
7UA-VOLIA-2008040429
8MIHK-HK29
9UA-VOLIA-2006112428
10PL-ARTNET-2012070424

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China453
2Viet Nam71
3Ukraine62
4United States47
5India37
6Hong Kong32
7Poland28
8Netherlands19
9United Kingdom16
10Lithuania15

Suspected Bot List [2017-05-16]

detection period: 2017-05-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 53

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
NL93.174.94.114Netherlands
RS89.216.28.123Serbia

List from greylisting:

Tuesday, May 16, 2017

Botnet Statistics [2017-05-15]

detection period: 2017-05-15 00:00-23:59 UTC
total number of suspected botnet IPs: 849
number of botnet IPs notified to network operators: 783
number of spam blocked: 32031
recipient count of spam blocked: 135420

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU129
2CMNET88
3UNICOM-ZJ81
4VNPT-VNNIC-VN54
5CHINANET-JS44
6CHINANET-GD40
7HSI-331
8UNICOM-JS25
9NDCHOST-0422
10IS-ICENETWORKS16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China453
2United States116
3Viet Nam93
4India33
5Netherlands26
6Iceland16
7Romania9
8Ukraine6
9Russian Federation6
10Iran6

Suspected Bot List [2017-05-15]

detection period: 2017-05-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 66

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
FR212.83.138.221France
IN202.56.255.50India
US69.85.239.37United States

List from greylisting:

Monday, May 15, 2017

Botnet Statistics [2017-05-14]

detection period: 2017-05-14 00:00-23:59 UTC
total number of suspected botnet IPs: 540
number of botnet IPs notified to network operators: 530
number of spam blocked: 18954
recipient count of spam blocked: 65639

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ56
2WASU49
3VNPT-VNNIC-VN41
4CHINANET-GD40
5CMNET35
6TZULO33
7UA-VOLIA-2008040429
8CHINANET-JS21
9UNICOM-JS17
10BG-POWERNET-2007073113

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China276
2Viet Nam80
3United States60
4Ukraine34
5Bulgaria15
6Russian Federation11
7Taiwan7
8India5
9South Korea4
10South Africa3

Suspected Bot List [2017-05-14]

detection period: 2017-05-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ID103.254.107.10Indonesia
MX187.178.176.10Mexico
MX201.163.21.226Mexico

List from greylisting:

Sunday, May 14, 2017

Botnet Statistics [2017-05-13]

detection period: 2017-05-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1422
number of botnet IPs notified to network operators: 1306
number of spam blocked: 22239
recipient count of spam blocked: 57003

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN295
2UNICOM-ZJ73
3FPT-VN70
4VIETEL-VN60
5VIETEL-VNNIC-VN59
6CHINANET-GD40
7ETC-VNNIC-VN39
8WASU27
9UA-VOLIA-2008040427
10UA-VOLIA-2006112426

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Viet Nam571
2China240
3Ukraine80
4India77
5United States49
6South Korea32
7Argentina30
8Thailand20
9Russian Federation20
10Czech Republic18

Suspected Bot List [2017-05-13]

detection period: 2017-05-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 116

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CO190.60.60.61Colombia
IN1.186.128.5India
KE41.215.72.146Kenya
MN202.170.70.8Mongolia
US97.80.35.6United States

List from greylisting:

Saturday, May 13, 2017

Suspected Bots' IP List for April 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-04-01]
Suspected Bots IP [2017-04-02]
Suspected Bots IP [2017-04-03]
Suspected Bots IP [2017-04-04]
Suspected Bots IP [2017-04-05]
Suspected Bots IP [2017-04-06]
Suspected Bots IP [2017-04-07]
Suspected Bots IP [2017-04-08]
Suspected Bots IP [2017-04-09]
Suspected Bots IP [2017-04-10]
Suspected Bots IP [2017-04-14]
Suspected Bots IP [2017-04-15]
Suspected Bots IP [2017-04-16]
Suspected Bots IP [2017-04-17]
Suspected Bots IP [2017-04-18]
Suspected Bots IP [2017-04-19]
Suspected Bots IP [2017-04-21]
Suspected Bots IP [2017-04-22]
Suspected Bots IP [2017-04-23]
Suspected Bots IP [2017-04-24]
Suspected Bots IP [2017-04-25]
Suspected Bots IP [2017-04-26]
Suspected Bots IP [2017-04-27]
Suspected Bots IP [2017-04-28]
Suspected Bots IP [2017-04-29]
Suspected Bots IP [2017-04-30]

Botnet Statistics [2017-05-12]

detection period: 2017-05-12 00:00-23:59 UTC
total number of suspected botnet IPs: 777
number of botnet IPs notified to network operators: 711
number of spam blocked: 45654
recipient count of spam blocked: 56871

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU85
2UNICOM-ZJ74
3VNPT-VNNIC-VN62
4UA-VOLIA-2006112454
5CMNET44
6CHINANET-GD35
7EONIX-NET-173-232-0-0-1-BLK-629
8NFORCE_ENTERTAINMENT23
9TZULO17
10MIR-TELEMATIKI16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China304
2Viet Nam102
3United States96
4Ukraine60
5Netherlands24
6Russian Federation20
7India18
8Argentina18
9Brazil17
10South Korea9

Suspected Bot List [2017-05-12]

detection period: 2017-05-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 66

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BW168.167.251.213Botswana
CO190.60.60.61Colombia
ID103.254.107.10Indonesia
MX201.163.21.226Mexico
US97.80.35.6United States

List from greylisting:

Friday, May 12, 2017

Botnet Statistics [2017-05-11]

detection period: 2017-05-11 00:00-23:59 UTC
total number of suspected botnet IPs: 949
number of botnet IPs notified to network operators: 931
number of spam blocked: 48795
recipient count of spam blocked: 85795

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU120
2UNICOM-ZJ95
3CMNET94
4UA-VOLIA-2008040454
5CHINANET-GD49
6VNPT-VNNIC-VN43
7NFORCE_ENTERTAINMENT37
8CHINANET-JS36
9MAROSNET-194-67-208-029
10CC-1723

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China495
2Viet Nam92
3Ukraine76
4United States65
5Russian Federation38
6Netherlands38
7India28
8Bulgaria20
9Poland9
10Italy6

Suspected Bot List [2017-05-11]

detection period: 2017-05-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CO190.60.60.61Colombia
ID103.254.107.10Indonesia
US97.80.35.6United States

List from greylisting:

Thursday, May 11, 2017

Botnet Statistics [2017-05-10]

detection period: 2017-05-10 00:00-23:59 UTC
total number of suspected botnet IPs: 716
number of botnet IPs notified to network operators: 711
number of spam blocked: 39769
recipient count of spam blocked: 70465

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU141
2UNICOM-ZJ112
3CMNET71
4CHINANET-GD54
5CHINANET-JS47
6NFORCE_ENTERTAINMENT31
7UA-VOLIA-2008040429
8TZULO17
9NL-WORLDSTREAM-2012091715
10UNICOM-JS14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China485
2United States89
3Netherlands46
4Ukraine30
5Estonia13
6Bulgaria8
7Taiwan5
8France4
9Viet Nam3
10Thailand3

Suspected Bot List [2017-05-10]

detection period: 2017-05-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US97.80.35.6United States

List from greylisting:

Wednesday, May 10, 2017

Botnet Statistics [2017-05-09]

detection period: 2017-05-09 00:00-23:59 UTC
total number of suspected botnet IPs: 779
number of botnet IPs notified to network operators: 743
number of spam blocked: 56536
recipient count of spam blocked: 56811

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU102
2UNICOM-ZJ82
3CMNET76
4UA-VOLIA-2008040458
5CHINANET-JS45
6CHINANET-GD42
7VNPT-VNNIC-VN38
8SHARKTECH34
9EE-WAVECOM-2010113029
10UNICOM-JS21

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China404
2United States94
3Viet Nam81
4Ukraine60
5Estonia29
6Romania17
7Bulgaria17
8Turkey15
9India8
10Netherlands6

Suspected Bot List [2017-05-09]

detection period: 2017-05-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, May 9, 2017

Botnet Statistics [2017-05-08]

detection period: 2017-05-08 00:00-23:59 UTC
total number of suspected botnet IPs: 779
number of botnet IPs notified to network operators: 767
number of spam blocked: 53774
recipient count of spam blocked: 920030

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ87
2WASU72
3CHINANET-JS71
4CMNET64
5UA-VOLIA-2006112457
6VNPT-VNNIC-VN53
7CHINANET-GD33
8EE-WAVECOM-2010113029
9SHARKTECH-328
10EONIX-NET-107-158-0-0-1-BLK-1022

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China389
2Viet Nam105
3United States82
4Ukraine57
5Estonia29
6Netherlands19
7Turkey14
8India13
9Sweden8
10Bulgaria8

Suspected Bot List [2017-05-08]

detection period: 2017-05-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ID103.254.107.10Indonesia
US97.80.35.6United States
UY179.26.16.89Uruguay

List from greylisting:

Monday, May 8, 2017

Botnet Statistics [2017-05-07]

detection period: 2017-05-07 00:00-23:59 UTC
total number of suspected botnet IPs: 533
number of botnet IPs notified to network operators: 520
number of spam blocked: 22917
recipient count of spam blocked: 291391

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN47
2CHINANET-JS39
3CHINANET-GD39
4abstation28
5UA-VOLIA-2008040428
6UNICOM-ZJ21
7WASU17
8TZULO17
9LeaseVPS16
10Infium-213

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China179
2Viet Nam94
3United States88
4Ukraine46
5United Kingdom30
6Netherlands17
7Bulgaria12
8Russian Federation5
9India5
10Indonesia5

Suspected Bot List [2017-05-07]

detection period: 2017-05-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
PK202.61.51.123Pakistan

List from greylisting:

Sunday, May 7, 2017

Botnet Statistics for April 2017

detection period: 2017-04-01 00:00 - 2017-04-30 23:59 UTC
total number of suspected botnet IPs: 6465
number of blocked spams: 346245
recipient count of blocked spams: 1670097

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China4132
2Viet Nam458
3India323
4United States185
5Russian Federation158
6South Korea120
7Brazil70
8Indonesia54
9Ukraine43
10Taiwan43
11Thailand40
12Pakistan38
13Mexico36
14Iran32
15France30
16Bangladesh29
17Argentina27
18Japan26
19Italy25
20Germany25
21Antigua And Barbuda24
22Turkey23
23United Kingdom22
24Singapore20
25Netherlands19

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1United States245766
2Singapore24784
3Turkey11557
4Germany10995
5Russian Federation8461
6Ukraine8403
7Netherlands6068
8China3469
9France2507
10Canada2470
11United Kingdom2206
12Sweden2188
13Taiwan1742
14Czech Republic1378
15Thailand1373
16Romania1241
17India1198
18Viet Nam1111
19Estonia1022
20Tunisia728
21Poland634
22Mexico513
23Chile481
24Italy428
25Pakistan340

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-05-06]

detection period: 2017-05-06 00:00-23:59 UTC
total number of suspected botnet IPs: 420
number of botnet IPs notified to network operators: 408
number of spam blocked: 51870
recipient count of spam blocked: 321269

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD38
2CMNET37
3EXMASTERS1632
4WASU31
5UA-VOLIA-2006112429
6HOSTKEY-NET16
7VNPT-VNNIC-VN15
8DSV4-213
9NFORCE_ENTERTAINMENT12
10NETBLK-NOBIS-TECHNOLOGY-GROUP-0812

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China151
2United States83
3Czech Republic32
4Viet Nam30
5Ukraine30
6Netherlands28
7Singapore13
8India8
9Russian Federation4
10Germany4

Suspected Bot List [2017-05-06]

detection period: 2017-05-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, May 6, 2017

Botnet Statistics [2017-05-05]

detection period: 2017-05-05 00:00-23:59 UTC
total number of suspected botnet IPs: 638
number of botnet IPs notified to network operators: 631
number of spam blocked: 38965
recipient count of spam blocked: 86448

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET88
2WASU74
3CHINANET-GD53
4SERVERYOU-NET-LAX34
5VNPT-VNNIC-VN31
6UA-VOLIA-2006112429
7UA-VOLIA-2008040428
8DIMENOC20
9NR-CUST-AUTONOMOI13
10LSN-DLLSTX-113

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China296
2United States128
3Ukraine58
4Viet Nam48
5Netherlands14
6Poland11
7Russian Federation7
8India7
9France4
10Australia4

Suspected Bot List [2017-05-05]

detection period: 2017-05-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
MN202.170.70.8Mongolia

List from greylisting:

Friday, May 5, 2017

Botnet Statistics [2017-05-04]

detection period: 2017-05-04 00:00-23:59 UTC
total number of suspected botnet IPs: 681
number of botnet IPs notified to network operators: 672
number of spam blocked: 37935
recipient count of spam blocked: 434232

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET91
2WASU72
3UA-VOLIA-2006112454
4CHINANET-GD37
5TZULO32
6UK-ABSTATION-2012071229
7VNPT-VNNIC-VN25
8CHINANET-JS24
9NFORCE_ENTERTAINMENT18
10PSYCHZ-NETWORKS17

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China299
2United States112
3Ukraine57
4Viet Nam43
5United Kingdom31
6Netherlands18
7Russian Federation15
8Turkey14
9Italy10
10Hong Kong6

Suspected Bot List [2017-05-04]

detection period: 2017-05-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, May 4, 2017

Botnet Statistics [2017-05-03]

detection period: 2017-05-03 00:00-23:59 UTC
total number of suspected botnet IPs: 671
number of botnet IPs notified to network operators: 657
number of spam blocked: 44860
recipient count of spam blocked: 661184

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET101
2WASU86
3VNPT-VNNIC-VN46
4UA-VOLIA-2006112433
5abstation17
6TZULO17
7TR-COMNET-TR17
8SHARKTECH-317
9LINOSERVERS-NET15
10LT-ECOFON-2013123114

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China276
2United States116
3Viet Nam94
4Ukraine46
5Turkey18
6United Kingdom18
7Luxembourg15
8Lithuania15
9Thailand7
10Russian Federation7

Suspected Bot List [2017-05-03]

detection period: 2017-05-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KW37.34.243.227Kuwait
SA83.101.136.42Saudi Arabia

List from greylisting:

Wednesday, May 3, 2017

Botnet Statistics [2017-05-02]

detection period: 2017-05-02 00:00-23:59 UTC
total number of suspected botnet IPs: 640
number of botnet IPs notified to network operators: 619
number of spam blocked: 82305
recipient count of spam blocked: 113173

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET78
2WASU65
3CHINANET-JS37
4VNPT-VNNIC-VN33
5EE-WAVECOM-2010113029
6UNICOM-JS25
7UA-VOLIA-2006112419
8NL-HOSTKEY16
9WII-OAK-213
10UNICOM-BJ12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China298
2United States77
3Viet Nam71
4Estonia29
5Ukraine26
6Russian Federation25
7Netherlands18
8India18
9Turkey7
10South Korea7

Suspected Bot List [2017-05-02]

detection period: 2017-05-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
MX148.243.192.238Mexico
PK203.215.183.119Pakistan
RS89.216.28.123Serbia
SA83.101.136.42Saudi Arabia

List from greylisting:

Tuesday, May 2, 2017

Botnet Statistics [2017-05-01]

detection period: 2017-05-01 00:00-23:59 UTC
total number of suspected botnet IPs: 429
number of botnet IPs notified to network operators: 418
number of spam blocked: 118299
recipient count of spam blocked: 118302

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN32
2CHINANET-GD30
3LSN-DLLSTX-825
4abstation23
5CHINANET-JS19
6CMNET17
7UNICOM-JS16
8EONIX-NET-50-2-0-0-1-BLK-715
9UNICOM-BJ13
10JOESDC-0113

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China161
2United States86
3Viet Nam60
4United Kingdom24
5Ukraine15
6Iceland12
7Russian Federation11
8South Korea8
9India8
10Brazil6

Suspected Bot List [2017-05-01]

detection period: 2017-05-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, May 1, 2017

Botnet Statistics [2017-04-30]

detection period: 2017-04-30 00:00-23:59 UTC
total number of suspected botnet IPs: 237
number of botnet IPs notified to network operators: 227
number of spam blocked: 2446
recipient count of spam blocked: 48863

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD33
2UNICOM-BJ16
3CMNET16
4VNPT-VNNIC-VN8
5UNICOM-GD5
6CHINANET-JS4
7ALISOFT4
8HICHINA3
9CHINANET-YN3
10CHINANET-JX3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China130
2United States18
3Russian Federation15
4Viet Nam9
5India8
6Ukraine4
7Taiwan4
8Thailand3
9Hong Kong3
10France3

Suspected Bot List [2017-04-30]

detection period: 2017-04-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN1.186.128.5India
US97.89.253.230United States

List from greylisting: