
Wednesday, August 23, 2017

Botnet Statistics [2017-08-22]

detection period: 2017-08-22 00:00-23:59 UTC
total number of suspected botnet IPs: 216
number of botnet IPs notified to network operators: 191
number of spam blocked: 30501
recipient count of spam blocked: 88297

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | WASU | 33
2 | Baidu | 27
3 | CMNET | 19
4 | UNIFIEDLAYER-NETWORK-14 | 7
5 | CHINANET-JS | 6
6 | ALISOFT | 6
7 | WASU-BB | 5
8 | CHINANET-GD | 5
9 | VNPT-VNNIC-VN | 4
10 | TencentCloud | 4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

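Rank | Country | # of suspected botnet IPs
1 | China | 124
2 | United States | 14
3 | Viet Nam | 13
4 | India | 9
5 | Thailand | 6
6 | Iran | 5
7 | Colombia | 5
8 | Taiwan | 4
9 | Turkey | 4
10 | Poland | 3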

Suspected Bot List [2017-08-22]

detection period: 2017-08-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Tuesday, August 22, 2017

Botnet Statistics [2017-08-21]

detection period: 2017-08-21 00:00-23:59 UTC
total number of suspected botnet IPs: 263
number of botnet IPs notified to network operators: 244
number of spam blocked: 30846
recipient count of spam blocked: 63630

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 72
2 | WASU | 63
3 | Baidu | 27
4 | HOSTWINDS-19-1 | 6
5 | ALISOFT | 6
6 | UNIFIEDLAYER-NETWORK-14 | 5
7 | CHINANET-GD | 4
8 | TencentCloud | 3
9 | MSFT | 3
10 | CHINANET-ZJ | 3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

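Rank | Country | # of suspected botnet IPs
1 | China | 209
2 | United States | 14
3 | Netherlands | 3
4 | Chile | 3
5 | Uruguay | 2
6 | Taiwan | 2
7 | Turkey | 2
8 | Thailand | 2
9 | Peru | 2
10 | Indonesia | 2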

Suspected Bot List [2017-08-21]

detection period: 2017-08-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
TH | 110.164.161.77 | Thailand
UY | 167.56.0.79 | Uruguay
UY | 179.25.163.225 | Uruguay

List from greylisting:

Monday, August 21, 2017

Botnet Statistics [2017-08-20]

detection period: 2017-08-20 00:00-23:59 UTC
total number of suspected botnet IPs: 144
number of botnet IPs notified to network operators: 133
number of spam blocked: 3190
recipient count of spam blocked: 3190

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 43
2 | Baidu | 25
3 | WASU | 21
4 | CHINANET-HB | 4
5 | LSN-DLLSTX-1 | 3
6 | CHINANET-GD | 3
7 | CHINANET-AH | 3
8 | UNICOM-HN | 2
9 | TencentCloud | 2
10 | CHINANET-SN | 2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

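Rank | Country | # of suspected botnet IPs
1 | China | 112
2 | Brazil | 6
3 | Russian Federation | 4
4 | Bulgaria | 4
5 | United States | 3
6 | Poland | 3
7 | Spain | 2
8 | Argentina | 2
9 | South Africa | 1
10 | Japan | 1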

Suspected Bot List [2017-08-20]

detection period: 2017-08-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

Sunday, August 20, 2017

Botnet Statistics [2017-08-19]

detection period: 2017-08-19 00:00-23:59 UTC
total number of suspected botnet IPs: 155
number of botnet IPs notified to network operators: 132
number of spam blocked: 3470
recipient count of spam blocked: 3470

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 27
2 | CMNET | 10
3 | UNIFIEDLAYER-NETWORK-11 | 5
4 | CHINANET-GD | 5
5 | BG-MEGALAN-20070627 | 4
6 | UA-VOLIA-20080404 | 2
7 | OSTROG-NET | 2
8 | NETBLK-CHARTER-NET | 2
9 | CHINANET-ZJ | 2
10 | CHINANET-SN | 2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

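Rank | Country | # of suspected botnet IPs
1 | China | 64
2 | Brazil | 22
3 | United States | 14
4 | Bulgaria | 12
5 | Poland | 8
6 | India | 4
7 | United Kingdom | 3
8 | Spain | 3
9 | Czech Republic | 3
10 | Ukraine | 2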

Suspected Bot List [2017-08-19]

detection period: 2017-08-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

Saturday, August 19, 2017

Botnet Statistics [2017-08-18]

detection period: 2017-08-18 00:00-23:59 UTC
total number of suspected botnet IPs: 226
number of botnet IPs notified to network operators: 194
number of spam blocked: 29774
recipient count of spam blocked: 59216

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 27
2 | BSNLNET | 9
3 | ALISOFT | 7
4 | UNICOM-HN | 6
5 | CMNET | 6
6 | VIETEL-VNNIC-VN | 5
7 | TencentCloud | 5
8 | UNIFIEDLAYER-NETWORK-14 | 4
9 | HOSTWINDS-17-5 | 4
10 | CHINANET-GD | 4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

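Rank | Country | # of suspected botnet IPs
1 | China | 73
2 | India | 32
3 | United States | 26
4 | Viet Nam | 12
5 | Brazil | 12
6 | Bulgaria | 7
7 | Thailand | 5
8 | France | 5
9 | Taiwan | 4
10 | Indonesia | 4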

Suspected Bot List [2017-08-18]

detection period: 2017-08-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Friday, August 18, 2017

Botnet Statistics [2017-08-17]

detection period: 2017-08-17 00:00-23:59 UTC
total number of suspected botnet IPs: 171
number of botnet IPs notified to network operators: 135
number of spam blocked: 27394
recipient count of spam blocked: 27418

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 27
2 | CHINANET-GD | 5
3 | VIETEL-VN | 4
4 | SERVERCRATE-03 | 4
5 | CHINANET-HN | 4
6 | CHINANET-HB | 4
7 | VNPT-VNNIC-VN | 3
8 | UNIFIEDLAYER-NETWORK-15 | 3
9 | CHINANET-JS | 3
10 | BUF1-96-9-240-0-20 | 3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

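Rank | Country | # of suspected botnet IPs
1 | China | 54
2 | United States | 19
3 | India | 18
4 | Viet Nam | 15
5 | Brazil | 8
6 | Bulgaria | 8
7 | Russian Federation | 6
8 | Iran | 4
9 | Italy | 3
10 | France | 3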

Suspected Bot List [2017-08-17]

detection period: 2017-08-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
US | 74.222.26.47 | United States

List from greylisting:

Thursday, August 17, 2017

Botnet Statistics [2017-08-16]

detection period: 2017-08-16 00:00-23:59 UTC
total number of suspected botnet IPs: 360
number of botnet IPs notified to network operators: 306
number of spam blocked: 34327
recipient count of spam blocked: 72771

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | SERVERCRATE-03 | 49
2 | HINET-NET | 41
3 | HINET | 28
4 | Baidu | 27
5 | SERVERCRATE-04 | 11
6 | DNSSLAVE7 | 9
7 | CHINANET-GD | 7
8 | BSNLNET | 6
9 | MAROSNET-194-67-208-0 | 5
10 | CHINANET-HB | 5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

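Rank | Country | # of suspected botnet IPs
1 | United States | 79
2 | China | 73
3 | Taiwan | 70
4 | India | 20
5 | Viet Nam | 11
6 | Brazil | 10
7 | Russian Federation | 8
8 | Bulgaria | 8
9 | Pakistan | 7
10 | Iran | 7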

Suspected Bot List [2017-08-16]

detection period: 2017-08-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 54

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Wednesday, August 16, 2017

Botnet Statistics [2017-08-15]

detection period: 2017-08-15 00:00-23:59 UTC
total number of suspected botnet IPs: 384
number of botnet IPs notified to network operators: 364
number of spam blocked: 27678
recipient count of spam blocked: 74878

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 80
2 | WASU | 47
3 | CHINANET-HB | 41
4 | Baidu | 27
5 | CHINANET-AH | 20
6 | SERVERCRATE-03 | 19
7 | UNICOM-ZJ | 17
8 | CHINANET-HN | 9
9 | UNIFIEDLAYER-NETWORK-14 | 7
10 | UNICOM-JS | 7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

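Rank | Country | # of suspected botnet IPs
1 | China | 299
2 | United States | 43
3 | Thailand | 5
4 | Poland | 4
5 | United Kingdom | 4
6 | Taiwan | 3
7 | Hong Kong | 3
8 | Australia | 3
9 | Turkey | 2
10 | France | 2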

Suspected Bot List [2017-08-15]

detection period: 2017-08-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
TH | 61.7.236.60 | Thailand
TH | 61.7.241.50 | Thailand
TH | 125.25.170.66 | Thailand
UY | 186.48.51.188 | Uruguay

List from greylisting:

Tuesday, August 15, 2017

Botnet Statistics [2017-08-14]

detection period: 2017-08-14 00:00-23:59 UTC
total number of suspected botnet IPs: 469
number of botnet IPs notified to network operators: 426
number of spam blocked: 10393
recipient count of spam blocked: 90299

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 96
2 | WASU | 55
3 | CHINANET-GD | 34
4 | UNICOM-ZJ | 28
5 | SERVERCRATE-03 | 28
6 | Baidu | 27
7 | CHINANET-AH | 16
8 | CHINANET-HB | 13
9 | UNICOM-JS | 9
10 | CHINANET-JX | 9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

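Rank | Country | # of suspected botnet IPs
1 | China | 337
2 | United States | 66
3 | Viet Nam | 6
4 | Taiwan | 5
5 | Russian Federation | 5
6 | Thailand | 4
7 | Hong Kong | 4
8 | Singapore | 3
9 | Germany | 3
10 | Uruguay | 2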

Suspected Bot List [2017-08-14]

detection period: 2017-08-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 43

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Monday, August 14, 2017

Botnet Statistics [2017-08-13]

detection period: 2017-08-13 00:00-23:59 UTC
total number of suspected botnet IPs: 312
number of botnet IPs notified to network operators: 278
number of spam blocked: 88683
recipient count of spam blocked: 2589427

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 27
2 | CHINANET-GD | 23
3 | SERVERCRATE-03 | 22
4 | CMNET | 22
5 | CHINANET-HB | 14
6 | UNICOM-ZJ | 10
7 | UNICOM-JS | 9
8 | HINET-NET | 8
9 | CHINANET-HN | 8
10 | SPARKSTATION-AS-AP | 7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

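Rank | Country | # of suspected botnet IPs
1 | China | 176
2 | United States | 48
3 | Russian Federation | 14
4 | Singapore | 12
5 | Taiwan | 8
6 | Germany | 5
7 | South Korea | 4
8 | Hong Kong | 4
9 | United Kingdom | 4
10 | France | 3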

Suspected Bot List [2017-08-13]

detection period: 2017-08-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Sunday, August 13, 2017

Suspected Bots' IP List for July 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover the latest trends in cyber attacks, etc.

Suspected Bots IP [2017-07-01]
Suspected Bots IP [2017-07-02]
Suspected Bots IP [2017-07-03]
Suspected Bots IP [2017-07-04]
Suspected Bots IP [2017-07-05]
Suspected Bots IP [2017-07-06]
Suspected Bots IP [2017-07-07]
Suspected Bots IP [2017-07-08]
Suspected Bots IP [2017-07-09]
Suspected Bots IP [2017-07-11]
Suspected Bots IP [2017-07-12]
Suspected Bots IP [2017-07-13]
Suspected Bots IP [2017-07-14]
Suspected Bots IP [2017-07-15]
Suspected Bots IP [2017-07-16]
Suspected Bots IP [2017-07-17]
Suspected Bots IP [2017-07-18]
Suspected Bots IP [2017-07-19]
Suspected Bots IP [2017-07-20]
Suspected Bots IP [2017-07-21]
Suspected Bots IP [2017-07-22]
Suspected Bots IP [2017-07-23]
Suspected Bots IP [2017-07-24]
Suspected Bots IP [2017-07-25]
Suspected Bots IP [2017-07-26]
Suspected Bots IP [2017-07-27]
Suspected Bots IP [2017-07-28]
Suspected Bots IP [2017-07-29]
Suspected Bots IP [2017-07-30]
Suspected Bots IP [2017-07-31]

Botnet Statistics [2017-08-12]

detection period: 2017-08-12 00:00-23:59 UTC
total number of suspected botnet IPs: 333
number of botnet IPs notified to network operators: 293
number of spam blocked: 90462
recipient count of spam blocked: 2616922

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | SERVERCRATE-03 | 30
2 | Baidu | 27
3 | CHINANET-HB | 18
4 | CMNET | 14
5 | CHINANET-HN | 14
6 | CHINANET-GD | 12
7 | SERVERCRATE-04 | 10
8 | DNSSLAVE7 | 10
9 | CHINANET-AH | 9
10 | ALISOFT | 8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

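Rank | Country | # of suspected botnet IPs
1 | China | 158
2 | United States | 69
3 | Russian Federation | 15
4 | Singapore | 11
5 | Hong Kong | 5
6 | Germany | 5
7 | Brazil | 5
8 | Taiwan | 4
9 | Thailand | 4
10 | Peru | 3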

Suspected Bot List [2017-08-12]

detection period: 2017-08-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 40

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Saturday, August 12, 2017

Botnet Statistics [2017-08-11]

detection period: 2017-08-11 00:00-23:59 UTC
total number of suspected botnet IPs: 611
number of botnet IPs notified to network operators: 554
number of spam blocked: 91916
recipient count of spam blocked: 2643043

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | WASU | 62
2 | CMNET | 51
3 | HINET-NET | 45
4 | UNICOM-HB | 39
5 | CHINANET-HB | 38
6 | SERVERCRATE-03 | 30
7 | CHINANET-GD | 30
8 | Baidu | 27
9 | HINET | 15
10 | HOST4GEEKS | 13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

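Rank | Country | # of suspected botnet IPs
1 | China | 333
2 | United States | 75
3 | Taiwan | 61
4 | Russian Federation | 19
5 | Hong Kong | 19
6 | Singapore | 11
7 | India | 8
8 | Brazil | 8
9 | Germany | 6
10 | Viet Nam | 4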

Suspected Bot List [2017-08-11]

detection period: 2017-08-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 57

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Friday, August 11, 2017

Botnet Statistics [2017-08-10]

detection period: 2017-08-10 00:00-23:59 UTC
total number of suspected botnet IPs: 731
number of botnet IPs notified to network operators: 670
number of spam blocked: 122705
recipient count of spam blocked: 2674775

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 104
2 | WASU | 69
3 | SERVERCRATE-03 | 36
4 | Baidu | 27
5 | CHINANET-HB | 22
6 | UNICOM-HB | 20
7 | CHINANET-JS | 18
8 | CHINANET-HN | 17
9 | SHARKTECH-3 | 16
10 | DE-FASTIT-20021021 | 16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

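Rank | Country | # of suspected botnet IPs
1 | China | 373
2 | United States | 153
3 | Germany | 21
4 | Russian Federation | 17
5 | United Kingdom | 17
6 | Republic Of Moldova | 16
7 | Taiwan | 13
8 | Singapore | 12
9 | Viet Nam | 10
10 | Poland | 10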

Suspected Bot List [2017-08-10]

detection period: 2017-08-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 61

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Thursday, August 10, 2017

Botnet Statistics [2017-08-09]

detection period: 2017-08-09 00:00-23:59 UTC
total number of suspected botnet IPs: 745
number of botnet IPs notified to network operators: 685
number of spam blocked: 102704
recipient count of spam blocked: 2406406

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 86
2 | WASU | 77
3 | CHINANET-HB | 33
4 | Baidu | 27
5 | SERVERCRATE-03 | 23
6 | CHINANET-HN | 21
7 | CC-16 | 20
8 | UNICOM-HB | 18
9 | PL-ARTNET-20120704 | 15
10 | PSYCHZ-NETWORKS | 13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

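Rank | Country | # of suspected botnet IPs
1 | China | 353
2 | United States | 170
3 | India | 24
4 | Russian Federation | 23
5 | Viet Nam | 16
6 | Poland | 16
7 | United Kingdom | 15
8 | Singapore | 11
9 | Taiwan | 10
10 | Iran | 10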

Suspected Bot List [2017-08-09]

detection period: 2017-08-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 60

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Wednesday, August 9, 2017

Botnet Statistics [2017-08-08]

detection period: 2017-08-08 00:00-23:59 UTC
total number of suspected botnet IPs: 786
number of botnet IPs notified to network operators: 746
number of spam blocked: 111027
recipient count of spam blocked: 2475890

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 79
2 | CHINANET-HB | 69
3 | HOST4GEEKS | 51
4 | WASU | 45
5 | SERVERCRATE-03 | 30
6 | UNICOM-HB | 27
7 | Baidu | 27
8 | CHINANET-HN | 22
9 | CHINANET-JS | 21
10 | CHINANET-GD | 15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

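Rank | Country | # of suspected botnet IPs
1 | China | 386
2 | United States | 146
3 | Hong Kong | 55
4 | Poland | 32
5 | Russian Federation | 17
6 | Czech Republic | 13
7 | Viet Nam | 12
8 | Singapore | 12
9 | India | 12
10 | Taiwan | 8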

Suspected Bot List [2017-08-08]

detection period: 2017-08-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 40

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Tuesday, August 8, 2017

Botnet Statistics [2017-08-07]

detection period: 2017-08-07 00:00-23:59 UTC
total number of suspected botnet IPs: 863
number of botnet IPs notified to network operators: 829
number of spam blocked: 113006
recipient count of spam blocked: 2541060

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HN | 95
2 | WASU | 90
3 | CMNET | 90
4 | CHINANET-HB | 62
5 | SERVERCRATE-03 | 56
6 | Baidu | 37
7 | CHINANET-JS | 25
8 | HOST4GEEKS | 21
9 | UNICOM-HB | 19
10 | SWIFTWAY | 19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

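Rank | Country | # of suspected botnet IPs
1 | China | 519
2 | United States | 142
3 | Netherlands | 41
4 | Hong Kong | 26
5 | Russian Federation | 16
6 | United Kingdom | 14
7 | Czech Republic | 13
8 | Taiwan | 11
9 | Singapore | 10
10 | Ukraine | 7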

Suspected Bot List [2017-08-07]

detection period: 2017-08-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Monday, August 7, 2017

Botnet Statistics [2017-08-06]

detection period: 2017-08-06 00:00-23:59 UTC
total number of suspected botnet IPs: 569
number of botnet IPs notified to network operators: 544
number of spam blocked: 87197
recipient count of spam blocked: 2247784

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 62
2 | HOST4GEEKS | 43
3 | Baidu | 37
4 | CHINANET-HN | 35
5 | WASU | 31
6 | SERVERCRATE-03 | 31
7 | SHARKTECH-3 | 29
8 | CHINANET-HB | 25
9 | CHINANET-AH | 20
10 | UNICOM-HB | 16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

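Rank | Country | # of suspected botnet IPs
1 | China | 301
2 | United States | 101
3 | Hong Kong | 48
4 | Taiwan | 13
5 | Republic Of Moldova | 13
6 | Singapore | 10
7 | Poland | 10
8 | Russian Federation | 9
9 | Germany | 6
10 | Czech Republic | 6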

Suspected Bot List [2017-08-06]

detection period: 2017-08-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Sunday, August 6, 2017

Botnet Statistics [2017-08-05]

detection period: 2017-08-05 00:00-23:59 UTC
total number of suspected botnet IPs: 443
number of botnet IPs notified to network operators: 412
number of spam blocked: 91602
recipient count of spam blocked: 2396870

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 37
2 | CHINANET-HB | 34
3 | SERVERCRATE-03 | 30
4 | CMNET | 22
5 | CHINANET-HN | 22
6 | CHINANET-AH | 16
7 | PSINETA | 15
8 | SNAGGED | 14
9 | UK-RAPIDSWITCH-20091102 | 13
10 | PL-Lovejoy_Carreon_Love | 12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

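Rank | Country | # of suspected botnet IPs
1 | China | 202
2 | United States | 100
3 | Poland | 22
4 | United Kingdom | 16
5 | Canada | 15
6 | Russian Federation | 12
7 | Hong Kong | 11
8 | Singapore | 10
9 | Taiwan | 6
10 | Germany | 6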

Suspected Bot List [2017-08-05]

detection period: 2017-08-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Saturday, August 5, 2017

Botnet Statistics [2017-08-04]

detection period: 2017-08-04 00:00-23:59 UTC
total number of suspected botnet IPs: 766
number of botnet IPs notified to network operators: 710
number of spam blocked: 134721
recipient count of spam blocked: 3346168

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CMNET | 76
2 | WASU | 61
3 | CHINANET-HB | 56
4 | Baidu | 37
5 | CHINANET-JS | 33
6 | SERVERCRATE-03 | 30
7 | NDCHOST | 29
8 | CC-15 | 24
9 | HOST4GEEKS | 23
10 | Adlaim-net | 16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

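Rank | Country | # of suspected botnet IPs
1 | China | 364
2 | United States | 148
3 | India | 31
4 | Hong Kong | 28
5 | Viet Nam | 22
6 | Netherlands | 21
7 | Russian Federation | 15
8 | Czech Republic | 13
9 | Singapore | 12
10 | Poland | 12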

Suspected Bot List [2017-08-04]

detection period: 2017-08-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 56

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Friday, August 4, 2017

Botnet Statistics [2017-08-03]

detection period: 2017-08-03 00:00-23:59 UTC
total number of suspected botnet IPs: 814
number of botnet IPs notified to network operators: 754
number of spam blocked: 90046
recipient count of spam blocked: 1932722

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

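| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CMNET | 94 |
| 2 | WASU | 68 |
| 3 | CHINANET-HB | 45 |
| 4 | Baidu | 41 |
| 5 | CHINANET-JS | 35 |
| 6 | SERVERCRATE-03 | 30 |
| 7 | UNICOM-HB | 24 |
| 8 | CC-17 | 24 |
| 9 | EXMASTERS8 | 23 |
| 10 | PVS-BLOCK01 | 16 |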

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

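| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 397 |
| 2 | United States | 147 |
| 3 | Russian Federation | 31 |
| 4 | Czech Republic | 24 |
| 5 | India | 23 |
| 6 | Netherlands | 18 |
| 7 | Viet Nam | 17 |
| 8 | Hong Kong | 16 |
| 9 | Poland | 14 |
| 10 | Singapore | 13 |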

Suspected Bot List [2017-08-03]

detection period: 2017-08-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 60

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Thursday, August 3, 2017

Botnet Statistics [2017-08-02]

detection period: 2017-08-02 00:00-23:59 UTC
total number of suspected botnet IPs: 787
number of botnet IPs notified to network operators: 746
number of spam blocked: 64695
recipient count of spam blocked: 1394026

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

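| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-HB | 75 |
| 2 | WASU | 58 |
| 3 | UNICOM-HB | 52 |
| 4 | CHINANET-JS | 48 |
| 5 | Baidu | 41 |
| 6 | CHINANET-HN | 31 |
| 7 | SHARKTECH-3 | 30 |
| 8 | UNICOM-ZJ | 26 |
| 9 | SERVERCRATE-03 | 18 |
| 10 | HOST4GEEKS | 16 |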

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

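| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 419 |
| 2 | United States | 139 |
| 3 | Poland | 26 |
| 4 | Viet Nam | 24 |
| 5 | Hong Kong | 21 |
| 6 | Russian Federation | 18 |
| 7 | India | 17 |
| 8 | Singapore | 13 |
| 9 | United Kingdom | 13 |
| 10 | Taiwan | 9 |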

Suspected Bot List [2017-08-02]

detection period: 2017-08-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 41

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Wednesday, August 2, 2017

Botnet Statistics [2017-08-01]

detection period: 2017-08-01 00:00-23:59 UTC
total number of suspected botnet IPs: 860
number of botnet IPs notified to network operators: 833
number of spam blocked: 77796
recipient count of spam blocked: 1684180

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

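| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | WASU | 89 |
| 2 | CMNET | 80 |
| 3 | CHINANET-HB | 80 |
| 4 | UNICOM-ZJ | 58 |
| 5 | CHINANET-JS | 51 |
| 6 | UNICOM-HB | 50 |
| 7 | Baidu | 35 |
| 8 | EXMASTERS8 | 26 |
| 9 | CHINANET-JX | 20 |
| 10 | PSINETA | 16 |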

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

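| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 550 |
| 2 | United States | 126 |
| 3 | Czech Republic | 26 |
| 4 | Netherlands | 19 |
| 5 | Russian Federation | 14 |
| 6 | United Kingdom | 14 |
| 7 | Singapore | 13 |
| 8 | Viet Nam | 12 |
| 9 | Ukraine | 8 |
| 10 | Germany | 7 |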

Suspected Bot List [2017-08-01]

detection period: 2017-08-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 27

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting:

Tuesday, August 1, 2017

Botnet Statistics for July 2017

detection period: 2017-07-01 00:00 - 2017-07-31 23:59 UTC
total number of suspected botnet IPs: 14247
number of blocked spams: 1837281
recipient count of blocked spams: 47254349

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

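| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 9585 |
| 2 | United States | 1892 |
| 3 | Viet Nam | 410 |
| 4 | Russian Federation | 352 |
| 5 | Netherlands | 279 |
| 6 | Hong Kong | 220 |
| 7 | Poland | 175 |
| 8 | Taiwan | 153 |
| 9 | United Kingdom | 127 |
| 10 | India | 123 |
| 11 | Ukraine | 105 |
| 12 | Germany | 82 |
| 13 | Brazil | 62 |
| 14 | Italy | 58 |
| 15 | Bulgaria | 48 |
| 16 | South Korea | 36 |
| 17 | Luxembourg | 26 |
| 18 | France | 26 |
| 19 | Iran | 25 |
| 20 | Thailand | 22 |
| 21 | Turkey | 21 |
| 22 | Japan | 21 |
| 23 | Indonesia | 20 |
| 24 | Pakistan | 19 |
| 25 | Romania | 18 |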

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

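| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 613754 |
| 2 | United States | 269711 |
| 3 | South Korea | 224198 |
| 4 | Russian Federation | 140136 |
| 5 | Brazil | 119112 |
| 6 | Hong Kong | 60609 |
| 7 | India | 54742 |
| 8 | Poland | 52136 |
| 9 | South Africa | 45935 |
| 10 | Azerbaijan | 43274 |
| 11 | Venezuela | 26953 |
| 12 | Saint Kitts And Nevis | 25631 |
| 13 | Netherlands | 21149 |
| 14 | Ukraine | 18477 |
| 15 | Germany | 12998 |
| 16 | Thailand | 12162 |
| 17 | Norway | 11475 |
| 18 | Singapore | 10578 |
| 19 | Canada | 8170 |
| 20 | Viet Nam | 7012 |
| 21 | Czech Republic | 5268 |
| 22 | Tunisia | 5254 |
| 23 | France | 4590 |
| 24 | Romania | 4017 |
| 25 | Colombia | 4014 |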

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-07-31]

detection period: 2017-07-31 00:00-23:59 UTC
total number of suspected botnet IPs: 721
number of botnet IPs notified to network operators: 672
number of spam blocked: 60444
recipient count of spam blocked: 1295254

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

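| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CMNET | 99 |
| 2 | WASU | 64 |
| 3 | UNICOM-ZJ | 40 |
| 4 | Baidu | 35 |
| 5 | HOST4GEEKS | 26 |
| 6 | CHINANET-HN | 25 |
| 7 | CHINANET-JX | 23 |
| 8 | CHINANET-JS | 21 |
| 9 | PSINETA | 16 |
| 10 | UK-RAPIDSWITCH-20091102 | 15 |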

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

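| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 396 |
| 2 | United States | 122 |
| 3 | Poland | 29 |
| 4 | Hong Kong | 27 |
| 5 | United Kingdom | 17 |
| 6 | Netherlands | 16 |
| 7 | Taiwan | 11 |
| 8 | India | 11 |
| 9 | Viet Nam | 8 |
| 10 | Russian Federation | 8 |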

Suspected Bot List [2017-07-31]

detection period: 2017-07-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 49

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:


List from greylisting: