Custom Search

Thursday, November 30, 2017

Botnet Statistics [2017-11-29]

detection period: 2017-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 236
number of botnet IPs notified to network operators: 228
number of spam blocked: 71077
recipient count of spam blocked: 1505475

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB31
2CHINANET-JS18
3VNPT-VNNIC-VN12
4Baidu12
5UNIFIEDLAYER-NETWORK-149
6CHINANET-GD8
7CHINANET-ZJ7
8CHINANET-ZJ-HZ6
9CHINANET-AH4
10VIETEL-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China121
2Viet Nam23
3United States21
4Brazil15
5Romania4
6Italy4
7Hong Kong4
8Spain4
9Thailand3
10Netherlands3

Suspected Bot List [2017-11-29]

detection period: 2017-11-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan

List from greylisting:

Wednesday, November 29, 2017

Botnet Statistics [2017-11-28]

detection period: 2017-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 191
number of botnet IPs notified to network operators: 178
number of spam blocked: 94850
recipient count of spam blocked: 2149515

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB20
2VNPT-VNNIC-VN18
3Baidu12
4CHINANET-JS11
5UNIFIEDLAYER-NETWORK-1410
6CMNET7
7CHINANET-GD7
8UNICOM-HB4
9CZ-GLOBE-200209034
10CHINANET-ZJ-HZ4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China88
2Viet Nam29
3United States21
4Czech Republic5
5Thailand4
6Russian Federation4
7Italy4
8India3
9Germany3
10Brazil3

Suspected Bot List [2017-11-28]

detection period: 2017-11-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan

List from greylisting:

Tuesday, November 28, 2017

Botnet Statistics [2017-11-27]

detection period: 2017-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 293
number of botnet IPs notified to network operators: 272
number of spam blocked: 60452
recipient count of spam blocked: 1260327

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS49
2VNPT-VNNIC-VN34
3CHINANET-HB17
4CHINANET-GD15
5Baidu12
6VIETEL-VN10
7UNIFIEDLAYER-NETWORK-1510
8ETC-VNNIC-VN7
9VIETEL-VNNIC-VN4
10UNICOM-HB4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China130
2Viet Nam69
3United States28
4Thailand6
5India6
6Romania5
7Brazil5
8Russian Federation4
9Italy4
10Israel4

Suspected Bot List [2017-11-27]

detection period: 2017-11-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
US71.8.233.50United States

List from greylisting:

Monday, November 27, 2017

Botnet Statistics [2017-11-26]

detection period: 2017-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 249
number of botnet IPs notified to network operators: 237
number of spam blocked: 59498
recipient count of spam blocked: 8702696

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ29
2CHINANET-GD25
3CHINANET-JS23
4CHINANET-ZJ-TZ20
5CHINANET-ZJ-SX19
6Baidu12
7VNPT-VNNIC-VN8
8CHINANET-HB6
9VIETEL-VN5
10CHINANET-ZJ-HZ5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China169
2Viet Nam19
3United States9
4Brazil6
5India4
6Russian Federation3
7Romania3
8Italy3
9Iceland3
10Germany3

Suspected Bot List [2017-11-26]

detection period: 2017-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States
ZA196.46.23.122South Africa

List from greylisting:

Sunday, November 26, 2017

Botnet Statistics [2017-11-25]

detection period: 2017-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 172
number of botnet IPs notified to network operators: 162
number of spam blocked: 75920
recipient count of spam blocked: 2130228

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ-TZ18
2CHINANET-GD18
3CHINANET-JS11
4VNPT-VNNIC-VN9
5CHINANET-HB6
6Baidu6
7CMNET5
8VIETEL-VN4
9PSINETA4
10ETC-VNNIC-VN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China94
2Viet Nam22
3United States10
4Russian Federation5
5Thailand4
6Romania3
7South Korea3
8Germany3
9Brazil3
10Netherlands2

Suspected Bot List [2017-11-25]

detection period: 2017-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States

List from greylisting:

Saturday, November 25, 2017

Botnet Statistics [2017-11-24]

detection period: 2017-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 184
number of botnet IPs notified to network operators: 167
number of spam blocked: 63813
recipient count of spam blocked: 1737552

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB19
2CHINANET-JS18
3CHINANET-GD12
4Baidu12
5LSN-DLLSTX-56
6CHINANET-ZJ-TZ5
7VNPT-VNNIC-VN4
8KORNET-KR4
9CHINANET-AH4
10VIETEL-VNNIC-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China93
2United States15
3Viet Nam13
4Brazil11
5Russian Federation4
6South Korea4
7Thailand3
8India3
9Germany3
10Argentina3

Suspected Bot List [2017-11-24]

detection period: 2017-11-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
MO116.193.10.34Macau
RU95.68.240.209Russian Federation
US23.129.64.101United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, November 24, 2017

Botnet Statistics [2017-11-23]

detection period: 2017-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 168
number of botnet IPs notified to network operators: 152
number of spam blocked: 76356
recipient count of spam blocked: 1952278

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB23
2CHINANET-GD13
3Baidu12
4CHINANET-ZJ-TZ10
5CHINANET-JS10
6VNPT-VNNIC-VN4
7CHINANET-ZJ4
8CHINANET-AH4
9UNIFIEDLAYER-NETWORK-143
10UNICOM-GD2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China93
2India10
3United States9
4Viet Nam5
5Romania5
6Netherlands3
7Italy3
8Indonesia3
9Germany3
10Belize3

Suspected Bot List [2017-11-23]

detection period: 2017-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KG31.135.255.209Kyrgyzstan
MO116.193.10.34Macau
RU95.68.240.209Russian Federation
US23.129.64.101United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, November 23, 2017

Botnet Statistics [2017-11-22]

detection period: 2017-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 116
number of botnet IPs notified to network operators: 97
number of spam blocked: 23213
recipient count of spam blocked: 159818

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS14
2Baidu13
3CHINANET-HB11
4UNIFIEDLAYER-NETWORK-149
5CHINANET-GD9
6CHINANET-AH5
7CHINANET-ZJ-TZ3
8CHINANET-ZJ3
9UNICOM-SX2
10UNICOM-HB2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China80
2United States15
3Thailand3
4Argentina2
5Viet Nam1
6Venezuela1
7Taiwan1
8Russian Federation1
9Netherlands1
10Laos1

Suspected Bot List [2017-11-22]

detection period: 2017-11-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, November 22, 2017

Botnet Statistics [2017-11-21]

detection period: 2017-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 175
number of botnet IPs notified to network operators: 160
number of spam blocked: 50905
recipient count of spam blocked: 864133

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD15
2CHINANET-HB14
3CHINANET-JS13
4Baidu13
5VNPT-VNNIC-VN10
6EUSKILL-NETWORK-017
7LSN-DLLSTX-56
8CHINANET-ZJ5
9UNIFIEDLAYER-NETWORK-144
10CMNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China85
2Viet Nam18
3United States15
4France7
5Russian Federation4
6Germany4
7Romania3
8South Korea3
9Brazil3
10South Africa2

Suspected Bot List [2017-11-21]

detection period: 2017-11-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.111.187.186Arab Emirates
CZ185.82.212.7Czech Republic
US23.129.64.101United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, November 21, 2017

Botnet Statistics [2017-11-20]

detection period: 2017-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 282
number of botnet IPs notified to network operators: 262
number of spam blocked: 44046
recipient count of spam blocked: 984197

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN46
2CHINANET-HB21
3CHINANET-JS18
4Baidu13
5VIETEL-VN12
6LSN-DLLSTX-312
7CHINANET-GD11
8FPT-VN9
9CMNET8
10ETC-VNNIC-VN6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China107
2Viet Nam86
3United States15
4Russian Federation14
5Brazil8
6Ukraine7
7Germany5
8Romania4
9Thailand3
10Argentina3

Suspected Bot List [2017-11-20]

detection period: 2017-11-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
RU95.68.240.209Russian Federation
US23.129.64.101United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, November 20, 2017

Botnet Statistics [2017-11-19]

detection period: 2017-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 150
number of botnet IPs notified to network operators: 144
number of spam blocked: 12218
recipient count of spam blocked: 29125

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD34
2CHINANET-HB20
3CHINANET-JS13
4Baidu13
5CHINANET-ZJ6
6CHINANET-ZJ-TZ4
7CHINANET-SD4
8UNICOM-GD3
9PSINETA3
10CHINANET-AH3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China120
2United States4
3Russian Federation4
4Brazil4
5Taiwan2
6Netherlands2
7Bangladesh2
8Ukraine1
9Thailand1
10Romania1

Suspected Bot List [2017-11-19]

detection period: 2017-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, November 19, 2017

Botnet Statistics [2017-11-18]

detection period: 2017-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 205
number of botnet IPs notified to network operators: 186
number of spam blocked: 42513
recipient count of spam blocked: 657345

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD25
2CHINANET-HB16
3CHINANET-JS15
4Baidu13
5VNPT-VNNIC-VN11
6PSINETA6
7CHINANET-ZJ-TZ6
8VIETEL-VN4
9UNICOM-HB4
10FPT-VN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China104
2Viet Nam27
3United States13
4Russian Federation8
5Brazil7
6Germany4
7Ukraine3
8Thailand3
9Romania3
10South Korea3

Suspected Bot List [2017-11-18]

detection period: 2017-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States

List from greylisting:

Saturday, November 18, 2017

Botnet Statistics [2017-11-17]

detection period: 2017-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 272
number of botnet IPs notified to network operators: 259
number of spam blocked: 67442
recipient count of spam blocked: 1307920

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB41
2UNICOM-ZJ37
3CHINANET-GD35
4CHINANET-JS18
5WASU14
6VNPT-VNNIC-VN12
7Baidu12
8UNIFIEDLAYER-NETWORK-1411
9VIETEL-VNNIC-VN3
10VIETEL-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China186
2Viet Nam24
3United States20
4Russian Federation5
5Thailand3
6Italy3
7India3
8Germany3
9Brazil3
10Argentina3

Suspected Bot List [2017-11-17]

detection period: 2017-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States

List from greylisting:

Friday, November 17, 2017

Suspected Bots' IP List for October 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-10-01]
Suspected Bots IP [2017-10-02]
Suspected Bots IP [2017-10-04]
Suspected Bots IP [2017-10-05]
Suspected Bots IP [2017-10-06]
Suspected Bots IP [2017-10-07]
Suspected Bots IP [2017-10-08]
Suspected Bots IP [2017-10-10]
Suspected Bots IP [2017-10-11]
Suspected Bots IP [2017-10-12]
Suspected Bots IP [2017-10-13]
Suspected Bots IP [2017-10-14]
Suspected Bots IP [2017-10-15]
Suspected Bots IP [2017-10-16]
Suspected Bots IP [2017-10-17]
Suspected Bots IP [2017-10-18]
Suspected Bots IP [2017-10-19]
Suspected Bots IP [2017-10-20]
Suspected Bots IP [2017-10-21]
Suspected Bots IP [2017-10-22]
Suspected Bots IP [2017-10-23]
Suspected Bots IP [2017-10-24]
Suspected Bots IP [2017-10-25]
Suspected Bots IP [2017-10-26]
Suspected Bots IP [2017-10-27]
Suspected Bots IP [2017-10-28]
Suspected Bots IP [2017-10-29]
Suspected Bots IP [2017-10-30]
Suspected Bots IP [2017-10-31]

Botnet Statistics [2017-11-16]

detection period: 2017-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 317
number of botnet IPs notified to network operators: 309
number of spam blocked: 51356
recipient count of spam blocked: 987310

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ67
2CMNET26
3CHINANET-HB25
4Baidu25
5WASU21
6CHINANET-JS18
7CHINANET-GD14
8VNPT-VNNIC-VN10
9UNIFIEDLAYER-NETWORK-138
10UNIFIEDLAYER-NETWORK-146

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China231
2Viet Nam27
3United States19
4Germany3
5Turkey2
6Russian Federation2
7Romania2
8Norway2
9South Korea2
10Iceland2

Suspected Bot List [2017-11-16]

detection period: 2017-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan

List from greylisting:

Thursday, November 16, 2017

Botnet Statistics [2017-11-15]

detection period: 2017-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 315
number of botnet IPs notified to network operators: 307
number of spam blocked: 29126
recipient count of spam blocked: 418045

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ77
2WASU35
3CHINANET-GD28
4Baidu27
5CMNET21
6CHINANET-HB20
7CHINANET-JS15
8CHINANET-ZJ-TZ12
9UNIFIEDLAYER-NETWORK-1411
10UNICOM-HB3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China265
2United States15
3Russian Federation4
4Germany3
5Viet Nam2
6Taiwan2
7Turkey2
8Norway2
9Iceland2
10Brazil2

Suspected Bot List [2017-11-15]

detection period: 2017-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, November 15, 2017

Botnet Statistics [2017-11-14]

detection period: 2017-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 513
number of botnet IPs notified to network operators: 491
number of spam blocked: 98073
recipient count of spam blocked: 2322895

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-GD147
2UNICOM-ZJ72
3CHINANET-HB46
4Baidu27
5WASU25
6CMNET20
7CHINANET-JS18
8CHINANET-ZJ-TZ15
9VNPT-VNNIC-VN11
10UNIFIEDLAYER-NETWORK-148

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China398
2Viet Nam24
3United States21
4India9
5Brazil7
6Thailand4
7Russian Federation4
8Romania4
9Germany4
10Ukraine3

Suspected Bot List [2017-11-14]

detection period: 2017-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
KG31.135.255.209Kyrgyzstan
US23.129.64.101United States

List from greylisting:

Tuesday, November 14, 2017

Botnet Statistics [2017-11-13]

detection period: 2017-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 363
number of botnet IPs notified to network operators: 347
number of spam blocked: 83654
recipient count of spam blocked: 2141817

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ60
2CHINANET-HB52
3WASU33
4Baidu27
5CHINANET-JS22
6CMNET19
7VNPT-VNNIC-VN15
8LSN-DLLSTX-28
9CHINANET-GD8
10UNICOM-HB5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China261
2Viet Nam30
3United States18
4Russian Federation6
5Turkey5
6India4
7Germany4
8Argentina4
9Ukraine3
10Romania3

Suspected Bot List [2017-11-13]

detection period: 2017-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR191.85.180.182Argentina
BG93.123.73.123Bulgaria
KG31.135.255.209Kyrgyzstan
RU83.234.38.139Russian Federation
RU95.68.240.209Russian Federation
US23.129.64.101United States

List from greylisting:

Monday, November 13, 2017

Botnet Statistics [2017-11-12]

detection period: 2017-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 384
number of botnet IPs notified to network operators: 366
number of spam blocked: 82834
recipient count of spam blocked: 2209188

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ56
2CHINANET-HB45
3VNPT-VNNIC-VN33
4Baidu26
5WASU25
6CHINANET-JS23
7CMNET17
8VIETEL-VN7
9ETC-VNNIC-VN7
10FPT-VN6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China230
2Viet Nam66
3Russian Federation13
4United States9
5India7
6Brazil6
7Romania5
8Taiwan3
9Iran3
10Indonesia3

Suspected Bot List [2017-11-12]

detection period: 2017-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Sunday, November 12, 2017

Botnet Statistics [2017-11-11]

detection period: 2017-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 296
number of botnet IPs notified to network operators: 284
number of spam blocked: 84782
recipient count of spam blocked: 1999217

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB41
2CHINANET-JS34
3Baidu26
4VNPT-VNNIC-VN22
5UNICOM-ZJ10
6VIETEL-VN9
7CMNET9
8CHINANET-GD9
9PSINETA6
10WASU5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China177
2Viet Nam44
3United States13
4Russian Federation6
5Romania5
6Turkey4
7Netherlands4
8Thailand3
9India3
10Germany3

Suspected Bot List [2017-11-11]

detection period: 2017-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Saturday, November 11, 2017

Botnet Statistics [2017-11-10]

detection period: 2017-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 250
number of botnet IPs notified to network operators: 231
number of spam blocked: 91194
recipient count of spam blocked: 2136158

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS35
2CHINANET-HB34
3Baidu27
4CHINANET-GD9
5MSFT7
6CHINANET-ZJ-TZ7
7UNIFIEDLAYER-NETWORK-146
8WASU4
9VIETEL-VN4
10CHINANET-ZJ4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China161
2United States25
3Viet Nam12
4Russian Federation5
5Romania5
6India4
7Germany4
8Taiwan3
9Netherlands3
10Norway2

Suspected Bot List [2017-11-10]

detection period: 2017-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Friday, November 10, 2017

Botnet Statistics [2017-11-09]

detection period: 2017-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 449
number of botnet IPs notified to network operators: 434
number of spam blocked: 97869
recipient count of spam blocked: 2235404

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ105
2WASU54
3CHINANET-JS36
4CMNET27
5Baidu27
6CHINANET-HB25
7CHINANET-GD13
8VNPT-VNNIC-VN8
9UNIFIEDLAYER-NETWORK-148
10FPT-VN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China336
2Viet Nam25
3United States18
4Romania6
5Russian Federation4
6Italy4
7India4
8United Kingdom4
9Germany4
10Brazil4

Suspected Bot List [2017-11-09]

detection period: 2017-11-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Thursday, November 9, 2017

Botnet Statistics [2017-11-08]

detection period: 2017-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 496
number of botnet IPs notified to network operators: 430
number of spam blocked: 80254
recipient count of spam blocked: 1845716

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ106
2WASU54
3MSFT48
4CHINANET-JS34
5Baidu27
6CMNET23
7CHINANET-HB23
8CHINANET-ZJ-TZ13
9CHINANET-GD13
10ARUBADE-NET12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China335
2United States64
3Viet Nam15
4India15
5France12
6Russian Federation5
7Romania5
8United Kingdom4
9Germany4
10Brazil3

Suspected Bot List [2017-11-08]

detection period: 2017-11-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 66

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Wednesday, November 8, 2017

Botnet Statistics [2017-11-07]

detection period: 2017-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 452
number of botnet IPs notified to network operators: 434
number of spam blocked: 72469
recipient count of spam blocked: 1772739

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ97
2CHINANET-JS67
3WASU33
4CMNET25
5CHINANET-HB25
6Baidu25
7CHINANET-GD17
8UNIFIEDLAYER-NETWORK-147
9VIETEL-VNNIC-VN5
10UNICOM-HB5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China342
2United States15
3Viet Nam12
4India11
5Russian Federation5
6Romania5
7Italy4
8Indonesia4
9Germany4
10Turkey3

Suspected Bot List [2017-11-07]

detection period: 2017-11-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Tuesday, November 7, 2017

Botnet Statistics [2017-11-06]

detection period: 2017-11-06 00:00-23:59 UTC
total number of suspected botnet IPs: 414
number of botnet IPs notified to network operators: 405
number of spam blocked: 66123
recipient count of spam blocked: 1648305

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ85
2CHINANET-JS64
3WASU39
4CHINANET-GD31
5CHINANET-HB24
6CMNET19
7Baidu18
8CC-1610
9UNIFIEDLAYER-NETWORK-147
10CHINANET-ZJ7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China335
2United States21
3Russian Federation5
4Romania5
5Canada5
6Hong Kong3
7United Kingdom3
8Germany3
9Brazil3
10Thailand2

Suspected Bot List [2017-11-06]

detection period: 2017-11-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Monday, November 6, 2017

Botnet Statistics [2017-11-05]

detection period: 2017-11-05 00:00-23:59 UTC
total number of suspected botnet IPs: 375
number of botnet IPs notified to network operators: 360
number of spam blocked: 63786
recipient count of spam blocked: 1510393

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HB48
2VNPT-VNNIC-VN38
3CHINANET-JS37
4UNICOM-ZJ26
5CHINANET-GD15
6Baidu15
7FPT-VN14
8WASU12
9CMNET11
10ETC-VNNIC-VN7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China216
2Viet Nam71
3Russian Federation10
4United States9
5Brazil7
6Romania6
7Thailand5
8Ukraine4
9United Kingdom4
10Turkey3

Suspected Bot List [2017-11-05]

detection period: 2017-11-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Sunday, November 5, 2017

Botnet Statistics [2017-11-04]

detection period: 2017-11-04 00:00-23:59 UTC
total number of suspected botnet IPs: 227
number of botnet IPs notified to network operators: 218
number of spam blocked: 61919
recipient count of spam blocked: 1422818

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS32
2CHINANET-GD26
3CHINANET-HB19
4Baidu15
5ARUBA-NET12
6VNPT-VNNIC-VN5
7CHINANET-ZJ-TZ5
8CHINANET-ZJ4
9VIETEL-VN3
10UNIFIEDLAYER-NETWORK-143

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China135
2Viet Nam15
3Italy14
4United States13
5Russian Federation9
6Romania4
7United Kingdom4
8India3
9Germany3
10Brazil3

Suspected Bot List [2017-11-04]

detection period: 2017-11-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
NL94.177.123.116Netherlands
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Saturday, November 4, 2017

Botnet Statistics [2017-11-03]

detection period: 2017-11-03 00:00-23:59 UTC
total number of suspected botnet IPs: 338
number of botnet IPs notified to network operators: 318
number of spam blocked: 79213
recipient count of spam blocked: 1854303

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ50
2WASU28
3CHINANET-JS20
4CHINANET-HB17
5VNPT-VNNIC-VN16
6CHINANET-ZJ-TZ16
7Baidu15
8CMNET9
9VIETEL-VN8
10UNIFIEDLAYER-NETWORK-148

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China212
2Viet Nam39
3United States14
4India11
5Russian Federation7
6Romania6
7United Kingdom4
8Indonesia3
9Germany3
10Brazil3

Suspected Bot List [2017-11-03]

detection period: 2017-11-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Friday, November 3, 2017

Botnet Statistics [2017-11-02]

detection period: 2017-11-02 00:00-23:59 UTC
total number of suspected botnet IPs: 360
number of botnet IPs notified to network operators: 345
number of spam blocked: 77814
recipient count of spam blocked: 1715832

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ70
2WASU41
3CHINANET-HB27
4CMNET24
5CHINANET-JS20
6Baidu14
7VNPT-VNNIC-VN11
8CHINANET-GD11
9CHINANET-ZJ-TZ7
10JOESDC-016

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China258
2Viet Nam20
3United States14
4India10
5Russian Federation5
6Indonesia5
7United Kingdom4
8Germany4
9Taiwan3
10Romania3

Suspected Bot List [2017-11-02]

detection period: 2017-11-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
CA167.114.34.116Canada
RU95.68.240.209Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Thursday, November 2, 2017

Botnet Statistics [2017-11-01]

detection period: 2017-11-01 00:00-23:59 UTC
total number of suspected botnet IPs: 401
number of botnet IPs notified to network operators: 373
number of spam blocked: 80896
recipient count of spam blocked: 1741027

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ85
2WASU43
3CHINANET-HB21
4CHINANET-JS20
5MSFT16
6CHINANET-GD16
7CMNET15
8Baidu14
9UNIFIEDLAYER-NETWORK-1410
10VNPT-VNNIC-VN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China275
2United States32
3Viet Nam20
4India15
5Russian Federation7
6Israel5
7Romania4
8South Korea4
9Italy4
10Germany4

Suspected Bot List [2017-11-01]

detection period: 2017-11-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 28

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
CA167.114.34.116Canada
IN203.153.39.140India
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Wednesday, November 1, 2017

Botnet Statistics for October 2017

detection period: 2017-10-01 00:00 - 2017-10-31 23:59 UTC
total number of suspected botnet IPs: 9754
number of blocked spams: 1862225
recipient count of blocked spams: 29017655

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China3553
2Viet Nam1425
3India590
4United States379
5Mexico300
6Brazil273
7Iran271
8Peru227
9Colombia173
10Turkey157
11Saudi Arabia110
12Argentina108
13Indonesia104
14Pakistan90
15Italy88
16Russian Federation84
17Thailand83
18Tunisia75
19South Korea63
20Poland56
21Taiwan55
22Bolivia53
23Ukraine50
24Macedonia50
25Bulgaria47

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1United States582453
2China558994
3Brazil125398
4Netherlands106317
5Russian Federation72759
6United Kingdom57362
7Ukraine54610
8Germany53182
9Hong Kong46770
10Venezuela24511
11Canada22465
12Romania21294
13South Korea18736
14Macau15669
15Poland15362
16Norway14451
17South Africa13186
18Belize9788
19Tunisia6744
20Singapore6722
21Bulgaria3722
22Hungary3134
23Iceland2664
24Viet Nam2651
25India2627

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-10-31]

detection period: 2017-10-31 00:00-23:59 UTC
total number of suspected botnet IPs: 383
number of botnet IPs notified to network operators: 365
number of spam blocked: 76943
recipient count of spam blocked: 1738597

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ79
2WASU34
3CHINANET-GD28
4CMNET23
5CHINANET-JS20
6Baidu15
7VNPT-VNNIC-VN12
8CHINANET-HB12
9UNIFIEDLAYER-NETWORK-146
10UNICOM-HB6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China262
2Viet Nam19
3United States17
4India14
5Brazil10
6Germany7
7Russian Federation4
8Romania4
9Iran3
10Indonesia3

Suspected Bot List [2017-10-31]

detection period: 2017-10-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
CA167.114.34.116Canada
IN203.153.39.140India
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting: