Custom Search

Wednesday, February 28, 2018

Suspected Bots' IP List for January 2018

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2018-01-01]
Suspected Bots IP [2018-01-02]
Suspected Bots IP [2018-01-03]
Suspected Bots IP [2018-01-04]
Suspected Bots IP [2018-01-05]
Suspected Bots IP [2018-01-06]
Suspected Bots IP [2018-01-07]
Suspected Bots IP [2018-01-08]
Suspected Bots IP [2018-01-09]
Suspected Bots IP [2018-01-10]
Suspected Bots IP [2018-01-11]
Suspected Bots IP [2018-01-12]
Suspected Bots IP [2018-01-13]
Suspected Bots IP [2018-01-14]
Suspected Bots IP [2018-01-15]
Suspected Bots IP [2018-01-16]
Suspected Bots IP [2018-01-17]
Suspected Bots IP [2018-01-18]
Suspected Bots IP [2018-01-19]
Suspected Bots IP [2018-01-20]
Suspected Bots IP [2018-01-21]
Suspected Bots IP [2018-01-22]
Suspected Bots IP [2018-01-23]
Suspected Bots IP [2018-01-25]
Suspected Bots IP [2018-01-26]
Suspected Bots IP [2018-01-27]
Suspected Bots IP [2018-01-28]
Suspected Bots IP [2018-01-29]
Suspected Bots IP [2018-01-30]
Suspected Bots IP [2018-01-31]

Botnet Statistics [2018-02-27]

detection period: 2018-02-27 00:00-23:59 UTC
total number of suspected botnet IPs: 59
number of botnet IPs notified to network operators: 50
number of spam blocked: 28319
recipient count of spam blocked: 768144

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR7
2SA-SAHARA-9901132
3RRNY2
4LINK-NET2
5KORNET-KR2
6CHINANET-ZJ2
7broadNnet-KR1
8WINDSTREAM-COMMUNICATIONS1
9WEBAIRINTERNET1
10VNPT-VNNIC-VN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea11
2United States7
3Nigeria4
4China4
5Saudi Arabia3
6Spain3
7Egypt3
8Viet Nam2
9Pakistan2
10India2

Suspected Bot List [2018-02-27]

detection period: 2018-02-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.83.154Argentina
CZ185.82.212.95Czech Republic
ES81.42.227.135Spain
GR62.169.214.53Greece
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
SA37.216.204.202Saudi Arabia
SA212.76.70.131Saudi Arabia
SA212.76.76.242Saudi Arabia

List from greylisting:

Tuesday, February 27, 2018

Botnet Statistics [2018-02-26]

detection period: 2018-02-26 00:00-23:59 UTC
total number of suspected botnet IPs: 47
number of botnet IPs notified to network operators: 41
number of spam blocked: 11608
recipient count of spam blocked: 303957

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR3
2RRNY2
3CHINANET-ZJ2
4broadNnet-KR1
5WINDSTREAM-COMMUNICATIONS1
6WEBAIRINTERNET1
7VNPT-VNNIC-VN1
8VE-CSVE-LACNIC1
9UNICOM-CN1
10TUNGHO-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States6
2South Korea5
3China4
4South Africa2
5Pakistan2
6Iran2
7India2
8Hong Kong2
9Egypt2
10Australia2

Suspected Bot List [2018-02-26]

detection period: 2018-02-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
GR62.169.214.53Greece
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
SA212.76.76.242Saudi Arabia
TW123.195.250.35Taiwan

List from greylisting:

Monday, February 26, 2018

Botnet Statistics [2018-02-25]

detection period: 2018-02-25 00:00-23:59 UTC
total number of suspected botnet IPs: 44
number of botnet IPs notified to network operators: 37
number of spam blocked: 9208
recipient count of spam blocked: 297297

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR7
2VNPT-VNNIC-VN2
3SA-SAHARA-9901132
4KORNET-KR2
5CHINANET-ZJ2
6broadNnet-KR1
7WINDSTREAM-COMMUNICATIONS1
8WEBAIRINTERNET1
9VOLUMEDRIVE1
10UNICOM-CN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea10
2United States4
3China4
4Saudi Arabia3
5Viet Nam2
6Pakistan2
7Hong Kong2
8Egypt2
9Australia2
10South Africa1

Suspected Bot List [2018-02-25]

detection period: 2018-02-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.81.216Argentina
GR62.169.214.53Greece
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
SA37.105.192.130Saudi Arabia
SA212.76.70.131Saudi Arabia
SA212.76.76.242Saudi Arabia

List from greylisting:

Sunday, February 25, 2018

Botnet Statistics [2018-02-24]

detection period: 2018-02-24 00:00-23:59 UTC
total number of suspected botnet IPs: 44
number of botnet IPs notified to network operators: 39
number of spam blocked: 19198
recipient count of spam blocked: 590449

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR5
2LINK-NET2
3CHINANET-ZJ2
4WINDSTREAM-COMMUNICATIONS1
5WEBAIRINTERNET1
6VOLUMEDRIVE1
7VNPT-VNNIC-VN1
8UNICOM-CN1
9TPG-AU1
10TELSTRAINTERNET47-AU1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea7
2United States5
3China5
4Egypt3
5Pakistan2
6Iran2
7Hong Kong2
8Australia2
9South Africa1
10Viet Nam1

Suspected Bot List [2018-02-24]

detection period: 2018-02-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
GR62.169.214.53Greece
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
SA212.76.76.242Saudi Arabia

List from greylisting:

Saturday, February 24, 2018

Botnet Statistics [2018-02-23]

detection period: 2018-02-23 00:00-23:59 UTC
total number of suspected botnet IPs: 53
number of botnet IPs notified to network operators: 43
number of spam blocked: 29848
recipient count of spam blocked: 545545

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR6
2RRNY2
3KORNET-KR2
4CHINANET-ZJ2
5broadNnet-KR1
6WINDSTREAM1
7WEBAIRINTERNET1
8VOLUMEDRIVE1
9VNPT-VNNIC-VN1
10VE-CSVE-LACNIC1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea10
2United States8
3China5
4Saudi Arabia4
5Egypt3
6Pakistan2
7Netherlands2
8India2
9Viet Nam1
10Venezuela1

Suspected Bot List [2018-02-23]

detection period: 2018-02-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.81.121Argentina
CZ185.82.212.95Czech Republic
GR62.169.214.53Greece
IN202.62.76.14India
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
SA37.105.192.130Saudi Arabia
SA95.218.86.238Saudi Arabia
SA212.76.76.242Saudi Arabia
SA213.181.172.244Saudi Arabia

List from greylisting:

Friday, February 23, 2018

Botnet Statistics [2018-02-22]

detection period: 2018-02-22 00:00-23:59 UTC
total number of suspected botnet IPs: 55
number of botnet IPs notified to network operators: 48
number of spam blocked: 41895
recipient count of spam blocked: 668764

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR6
2LINK-NET3
3KORNET-KR3
4RRNY2
5KTFWING-KR2
6CHINANET-ZJ2
7broadNnet-KR1
8WINDSTREAM1
9WEBAIRINTERNET1
10VNPT-VNNIC-VN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea12
2United States8
3Egypt4
4China4
5Netherlands3
6India3
7Pakistan2
8Viet Nam1
9Venezuela1
10Saudi Arabia1

Suspected Bot List [2018-02-22]

detection period: 2018-02-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.82.0Argentina
CZ185.82.212.95Czech Republic
GR62.169.214.53Greece
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA212.76.76.242Saudi Arabia

List from greylisting:

Thursday, February 22, 2018

Botnet Statistics [2018-02-21]

detection period: 2018-02-21 00:00-23:59 UTC
total number of suspected botnet IPs: 49
number of botnet IPs notified to network operators: 42
number of spam blocked: 57566
recipient count of spam blocked: 1524554

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR4
2LGTELECOM-KR3
3RRNY2
4LINK-NET2
5KTFWING-KR2
6CHINANET-ZJ2
7WINDSTREAM1
8WEBAIRINTERNET1
9VE-CSVE-LACNIC1
10UNICOM-CN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea9
2United States8
3China4
4Egypt3
5Saudi Arabia2
6Serbia2
7Netherlands2
8Australia2
9Viet Nam1
10Venezuela1

Suspected Bot List [2018-02-21]

detection period: 2018-02-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
GR62.169.214.53Greece
PK202.61.51.123Pakistan
RS89.216.30.202Serbia
RS178.149.102.210Serbia
SA176.45.240.98Saudi Arabia
SA212.76.76.242Saudi Arabia

List from greylisting:

Wednesday, February 21, 2018

Botnet Statistics [2018-02-20]

detection period: 2018-02-20 00:00-23:59 UTC
total number of suspected botnet IPs: 59
number of botnet IPs notified to network operators: 57
number of spam blocked: 47128
recipient count of spam blocked: 1336758

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR12
2KORNET-KR3
3RRNY2
4CHINANET-ZJ2
5broadNnet-KR1
6WINDSTREAM1
7WEBAIRINTERNET1
8VE-CSVE-LACNIC1
9UNICOM-CN1
10TPG-AU1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea18
2United States8
3Saudi Arabia4
4China4
5Netherlands2
6Iran2
7India2
8Egypt2
9Australia2
10South Africa1

Suspected Bot List [2018-02-20]

detection period: 2018-02-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
GR62.169.214.53Greece
PK202.61.51.123Pakistan

List from greylisting:

Tuesday, February 20, 2018

Botnet Statistics for January 2018

detection period: 2018-01-01 00:00 - 2018-01-31 23:59 UTC
total number of suspected botnet IPs: 757
number of blocked spams: 932566
recipient count of blocked spams: 26847830

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China540
2United States85
3Germany64
4Netherlands8
5Costa Rica6
6Canada4
7Romania3
8Norway3
9South Korea3
10India3
11Hong Kong3
12Ukraine2
13Russian Federation2
14New Zealand2
15Nigeria2
16Mexico2
17Myanmar2
18Iceland2
19France2
20Belize2
21South Africa1
22Viet Nam1
23Turkey1
24Singapore1
25Poland1

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China463697
2Brazil99792
3Czech Republic87046
4United States66236
5Ukraine34783
6Hong Kong32449
7South Korea20126
8Macau16021
9Israel14703
10Canada14014
11France13166
12Costa Rica10941
13Netherlands10394
14Romania10242
15Germany8378
16Iceland7890
17Belize6566
18South Africa4987
19Norway4310
20Kyrgyzstan2465
21Singapore1521
22Ireland879
23Mexico637
24New Caledonia438
25Russian Federation276

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics for the year of 2017

detection period: 2017-01-01 00:00 - 2017-12-31 23:59 UTC
total number of suspected botnet IPs: 103740
number of blocked spams: 17220086
recipient count of blocked spams: 369595290
detection methods: fake open relay + greylisting

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China44902
2Taiwan19140
3Viet Nam8333
4United States7619
5India3218
6Ukraine1738
7Brazil1456
8Russian Federation1107
9Netherlands953
10Iran820
11Mexico775
12United Kingdom718
13Indonesia598
14Turkey558
15Italy535
16Colombia496
17Poland489
18Peru489
19Argentina453
20South Korea439
21Thailand420
22Romania412
23Hong Kong398
24Pakistan386
25Bulgaria341

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China4531866
2Taiwan3890439
3United States3012233
4Brazil840434
5South Korea602432
6Russian Federation462929
7Poland340562
8Netherlands323180
9Hong Kong311700
10Ukraine276767
11Germany263873
12United Kingdom248179
13Canada241403
14Czech Republic205562
15Venezuela187789
16Azerbaijan150585
17India117025
18Romania102556
19South Africa91706
20Singapore73829
21Norway63083
22Italy57475
23Israel56881
24France50498
25Belize48602

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2018-02-19]

detection period: 2018-02-19 00:00-23:59 UTC
total number of suspected botnet IPs: 13
number of botnet IPs notified to network operators: 12
number of spam blocked: 38033
recipient count of spam blocked: 892286

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3VE-CSVE-LACNIC1
4UNICOM-CN1
5NETVIGATOR1
6CZ-WHOISPROTECTION-201412311
7CO-ETBE-LACNIC1
8CHINANET-TJ1
9BSNLNET1
10AIRLINERES-CALPOP-COM1

The top 9 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3Venezuela1
4United States1
5India1
6Hong Kong1
7Czech Republic1
8Colombia1
9Brazil1

Suspected Bot List [2018-02-19]

detection period: 2018-02-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Monday, February 19, 2018

Botnet Statistics [2018-02-18]

detection period: 2018-02-18 00:00-23:59 UTC
total number of suspected botnet IPs: 12
number of botnet IPs notified to network operators: 11
number of spam blocked: 33957
recipient count of spam blocked: 1017637

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4NETVIGATOR1
5CZ-WHOISPROTECTION-201412311
6CO-ETBE-LACNIC1
7CHINANET-TJ1
8BSNLNET1
9AIRLINERES-CALPOP-COM1
10002.558.157/0001-621

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4India1
5Hong Kong1
6Czech Republic1
7Colombia1
8Brazil1

Suspected Bot List [2018-02-18]

detection period: 2018-02-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Sunday, February 18, 2018

Botnet Statistics [2018-02-17]

detection period: 2018-02-17 00:00-23:59 UTC
total number of suspected botnet IPs: 12
number of botnet IPs notified to network operators: 11
number of spam blocked: 42161
recipient count of spam blocked: 1263048

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4NETVIGATOR1
5CZ-WHOISPROTECTION-201412311
6CO-ETBE-LACNIC1
7CHINANET-TJ1
8BSNLNET1
9AIRLINERES-CALPOP-COM1
10002.558.157/0001-621

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4India1
5Hong Kong1
6Czech Republic1
7Colombia1
8Brazil1

Suspected Bot List [2018-02-17]

detection period: 2018-02-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Saturday, February 17, 2018

Botnet Statistics [2018-02-16]

detection period: 2018-02-16 00:00-23:59 UTC
total number of suspected botnet IPs: 12
number of botnet IPs notified to network operators: 11
number of spam blocked: 45330
recipient count of spam blocked: 1236708

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4NETVIGATOR1
5CZ-WHOISPROTECTION-201412311
6CO-ETBE-LACNIC1
7CHINANET-TJ1
8AIRLINERES-CALPOP-COM1
9AFRINIC-200905081
10002.558.157/0001-621

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4Nigeria1
5Hong Kong1
6Czech Republic1
7Colombia1
8Brazil1

Suspected Bot List [2018-02-16]

detection period: 2018-02-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Friday, February 16, 2018

Botnet Statistics [2018-02-15]

detection period: 2018-02-15 00:00-23:59 UTC
total number of suspected botnet IPs: 15
number of botnet IPs notified to network operators: 14
number of spam blocked: 60323
recipient count of spam blocked: 1381447

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4SOLIDSPACE-IP1
5SHAW-COMMUNICATIONS1
6NETVIGATOR1
7CZ-WHOISPROTECTION-201412311
8CO-ETBE-LACNIC1
9CHINANET-TJ1
10BSNLNET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States2
3South Korea2
4Nigeria1
5India1
6Hong Kong1
7Czech Republic1
8Colombia1
9Canada1
10Brazil1

Suspected Bot List [2018-02-15]

detection period: 2018-02-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Thursday, February 15, 2018

Botnet Statistics [2018-02-14]

detection period: 2018-02-14 00:00-23:59 UTC
total number of suspected botnet IPs: 11
number of botnet IPs notified to network operators: 10
number of spam blocked: 49647
recipient count of spam blocked: 1287019

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2UNICOM-CN1
3SHAW-COMMUNICATIONS1
4NETVIGATOR1
5KORNET-KR1
6CZ-WHOISPROTECTION-201412311
7CO-ETBE-LACNIC1
8CHINANET-TJ1
9AIRLINERES-CALPOP-COM1
10002.558.157/0001-621

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States1
3South Korea1
4Hong Kong1
5Czech Republic1
6Colombia1
7Canada1
8Brazil1

Suspected Bot List [2018-02-14]

detection period: 2018-02-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Wednesday, February 14, 2018

Botnet Statistics [2018-02-13]

detection period: 2018-02-13 00:00-23:59 UTC
total number of suspected botnet IPs: 13
number of botnet IPs notified to network operators: 12
number of spam blocked: 41601
recipient count of spam blocked: 1024355

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3ZOOMNIGERIA1
4UNICOM-CN1
5NETVIGATOR1
6ESTROWEB-011
7CZ-WHOISPROTECTION-201412311
8CHINANET-TJ1
9ATT1
10AIRLINERES-CALPOP-COM1

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States2
3South Korea2
4Netherlands1
5Nigeria1
6Hong Kong1
7Czech Republic1
8Brazil1

Suspected Bot List [2018-02-13]

detection period: 2018-02-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Tuesday, February 13, 2018

Botnet Statistics [2018-02-12]

detection period: 2018-02-12 00:00-23:59 UTC
total number of suspected botnet IPs: 12
number of botnet IPs notified to network operators: 11
number of spam blocked: 33361
recipient count of spam blocked: 782779

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2UNICOM-CN1
3KORNET-KR1
4HOSTWINDS-17-71
5ECO-D217587-NET1
6CZ-WHOISPROTECTION-201412311
7CO-ETBE-LACNIC1
8CHINANET-TJ1
9BSNLNET1
10AIRLINERES-CALPOP-COM1

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States2
3South Korea1
4India1
5Germany1
6Czech Republic1
7Colombia1
8Brazil1

Suspected Bot List [2018-02-12]

detection period: 2018-02-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Monday, February 12, 2018

Botnet Statistics [2018-02-11]

detection period: 2018-02-11 00:00-23:59 UTC
total number of suspected botnet IPs: 12
number of botnet IPs notified to network operators: 11
number of spam blocked: 35459
recipient count of spam blocked: 722444

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2VIS-BLOCK1
3UNICOM-CN1
4KORNET-KR1
5IP2000-ADSL-BAS1
6HOSTWINDS-17-61
7CZ-WHOISPROTECTION-201412311
8CHINANET-TJ1
9AIRLINERES-CALPOP-COM1
10ADSL250_21

The top 7 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States3
3New Caledonia1
4South Korea1
5France1
6Czech Republic1
7Brazil1

Suspected Bot List [2018-02-11]

detection period: 2018-02-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Sunday, February 11, 2018

Botnet Statistics [2018-02-10]

detection period: 2018-02-10 00:00-23:59 UTC
total number of suspected botnet IPs: 11
number of botnet IPs notified to network operators: 10
number of spam blocked: 44474
recipient count of spam blocked: 731475

The top 9 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4CZ-WHOISPROTECTION-201412311
5CO-ETBE-LACNIC1
6CHINANET-TJ1
7BSNLNET1
8AIRLINERES-CALPOP-COM1
9002.558.157/0001-621

The top 7 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4India1
5Czech Republic1
6Colombia1
7Brazil1

Suspected Bot List [2018-02-10]

detection period: 2018-02-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Saturday, February 10, 2018

Botnet Statistics [2018-02-09]

detection period: 2018-02-09 00:00-23:59 UTC
total number of suspected botnet IPs: 13
number of botnet IPs notified to network operators: 11
number of spam blocked: 45142
recipient count of spam blocked: 739286

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4Spectranet-V41
5ESTROWEB-011
6CZ-WHOISPROTECTION-201412311
7CO-ETBE-LACNIC1
8CHINANET-TJ1
9BSNLNET1
10AIRLINERES-CALPOP-COM1

The top 9 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4Netherlands1
5Nigeria1
6India1
7Czech Republic1
8Colombia1
9Brazil1

Suspected Bot List [2018-02-09]

detection period: 2018-02-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
NG197.242.102.230Nigeria

List from greylisting:

Friday, February 9, 2018

Botnet Statiistics [2018-02-08]

detection period: 2018-02-08 00:00-23:59 UTC
total number of suspected botnet IPs: 12
number of botnet IPs notified to network operators: 10
number of spam blocked: 61319
recipient count of spam blocked: 746016

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4IT-INTERBUSINESS-200010271
5CZ-WHOISPROTECTION-201412311
6CO-ETBE-LACNIC1
7CHINANET-TJ1
8BSNLNET1
9AIRLINERES-CALPOP-COM1
10002.558.157/0001-621

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4Italy1
5India1
6Czech Republic1
7Colombia1
8Brazil1

Suspected Bot List [2018-02-08]

detection period: 2018-02-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
IT217.58.107.218Italy

List from greylisting:

Thursday, February 8, 2018

Botnet Statistics [2018-02-07]

detection period: 2018-02-07 00:00-23:59 UTC
total number of suspected botnet IPs: 10
number of botnet IPs notified to network operators: 9
number of spam blocked: 51053
recipient count of spam blocked: 681513

The top 8 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4CZ-WHOISPROTECTION-201412311
5CHINANET-TJ1
6BSNLNET1
7AIRLINERES-CALPOP-COM1
8002.558.157/0001-621

The top 6 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4India1
5Czech Republic1
6Brazil1

Suspected Bot List [2018-02-07]

detection period: 2018-02-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Wednesday, February 7, 2018

Botnet Statistics [2018-02-06]

detection period: 2018-02-06 00:00-23:59 UTC
total number of suspected botnet IPs: 10
number of botnet IPs notified to network operators: 9
number of spam blocked: 39565
recipient count of spam blocked: 711234

The top 8 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4CZ-WHOISPROTECTION-201412311
5CHINANET-TJ1
6BSNLNET1
7AIRLINERES-CALPOP-COM1
8002.558.157/0001-621

The top 6 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4India1
5Czech Republic1
6Brazil1

Suspected Bot List [2018-02-06]

detection period: 2018-02-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Tuesday, February 6, 2018

Botnet Statistics [2018-02-05]

detection period: 2018-02-05 00:00-23:59 UTC
total number of suspected botnet IPs: 11
number of botnet IPs notified to network operators: 9
number of spam blocked: 22872
recipient count of spam blocked: 685000

The top 9 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR2
2CHINANET-ZJ2
3UNICOM-CN1
4Spectranet-v41
5CZ-WHOISPROTECTION-201412311
6CHINANET-TJ1
7BSNLNET1
8AIRLINERES-CALPOP-COM1
9002.558.157/0001-621

The top 7 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2South Korea2
3United States1
4Nigeria1
5India1
6Czech Republic1
7Brazil1

Suspected Bot List [2018-02-05]

detection period: 2018-02-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
NG197.255.170.223Nigeria

List from greylisting:

Monday, February 5, 2018

Botnet Statistics [2018-02-04]

detection period: 2018-02-04 00:00-23:59 UTC
total number of suspected botnet IPs: 8
number of botnet IPs notified to network operators: 7
number of spam blocked: 24350
recipient count of spam blocked: 729543

The top 7 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2UNICOM-CN1
3KORNET-KR1
4CZ-WHOISPROTECTION-201412311
5CHINANET-TJ1
6AIRLINERES-CALPOP-COM1
7002.558.157/0001-621

The top 5 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States1
3South Korea1
4Czech Republic1
5Brazil1

Suspected Bot List [2018-02-04]

detection period: 2018-02-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Sunday, February 4, 2018

Botnet Statistics [2018-02-03]

detection period: 2018-02-03 00:00-23:59 UTC
total number of suspected botnet IPs: 9
number of botnet IPs notified to network operators: 8
number of spam blocked: 26129
recipient count of spam blocked: 783087

The top 8 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2UNICOM-CN1
3KORNET-KR1
4CZ-WHOISPROTECTION-201412311
5CHINANET-TJ1
6BSNLNET1
7AIRLINERES-CALPOP-COM1
8002.558.157/0001-621

The top 6 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States1
3South Korea1
4India1
5Czech Republic1
6Brazil1

Suspected Bot List [2018-02-03]

detection period: 2018-02-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Saturday, February 3, 2018

Botnet Statistics [2018-02-02]

detection period: 2018-02-02 00:00-23:59 UTC
total number of suspected botnet IPs: 8
number of botnet IPs notified to network operators: 7
number of spam blocked: 25572
recipient count of spam blocked: 766377

The top 7 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2UNICOM-CN1
3KORNET-KR1
4CZ-WHOISPROTECTION-201412311
5CHINANET-TJ1
6AIRLINERES-CALPOP-COM1
7002.558.157/0001-621

The top 5 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States1
3South Korea1
4Czech Republic1
5Brazil1

Suspected Bot List [2018-02-02]

detection period: 2018-02-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Friday, February 2, 2018

Botnet Statistics [2018-02-01]

detection period: 2018-02-01 00:00-23:59 UTC
total number of suspected botnet IPs: 10
number of botnet IPs notified to network operators: 9
number of spam blocked: 26072
recipient count of spam blocked: 773141

The top 9 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2UNICOM-CN1
3RRNY1
4KORNET-KR1
5CZ-WHOISPROTECTION-201412311
6CHINANET-TJ1
7BSNLNET1
8AIRLINERES-CALPOP-COM1
9002.558.157/0001-621

The top 6 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States2
3South Korea1
4India1
5Czech Republic1
6Brazil1

Suspected Bot List [2018-02-01]

detection period: 2018-02-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Thursday, February 1, 2018

Botnet Statistics [2018-01-31]

detection period: 2018-01-31 00:00-23:59 UTC
total number of suspected botnet IPs: 13
number of botnet IPs notified to network operators: 12
number of spam blocked: 25671
recipient count of spam blocked: 737591

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ2
2VIS-BLOCK1
3UNICOM-CN1
4KORNET-KR1
5ESTROWEB-011
6ECO-D217587-NET1
7CZ-WHOISPROTECTION-201412311
8CHINANET-TJ1
9AIRLINERES-CALPOP-COM1
10AFRINIC-200905081

The top 9 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China4
2United States2
3Netherlands1
4Nigeria1
5New Caledonia1
6South Korea1
7Germany1
8Czech Republic1
9Brazil1

Suspected Bot List [2018-01-31]

detection period: 2018-01-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting: