Custom Search

Monday, April 30, 2018

Suspected Bots' IP List for March 2018

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2018-03-01]
Suspected Bots IP [2018-03-02]
Suspected Bots IP [2018-03-03]
Suspected Bots IP [2018-03-04]
Suspected Bots IP [2018-03-05]
Suspected Bots IP [2018-03-06]
Suspected Bots IP [2018-03-07]
Suspected Bots IP [2018-03-08]
Suspected Bots IP [2018-03-09]
Suspected Bots IP [2018-03-10]
Suspected Bots IP [2018-03-11]
Suspected Bots IP [2018-03-12]
Suspected Bots IP [2018-03-13]
Suspected Bots IP [2018-03-14]
Suspected Bots IP [2018-03-15]
Suspected Bots IP [2018-03-16]
Suspected Bots IP [2018-03-17]
Suspected Bots IP [2018-03-18]
Suspected Bots IP [2018-03-19]
Suspected Bots IP [2018-03-20]
Suspected Bots IP [2018-03-21]
Suspected Bots IP [2018-03-22]
Suspected Bots IP [2018-03-23]
Suspected Bots IP [2018-03-24]
Suspected Bots IP [2018-03-25]
Suspected Bots IP [2018-03-26]
Suspected Bots IP [2018-03-27]
Suspected Bots IP [2018-03-28]
Suspected Bots IP [2018-03-29]
Suspected Bots IP [2018-03-30]
Suspected Bots IP [2018-03-31]

Botnet Statistics [2018-04-29]

detection period: 2018-04-29 00:00-23:59 UTC
total number of suspected botnet IPs: 253
number of botnet IPs notified to network operators: 233
number of spam blocked: 17568
recipient count of spam blocked: 526344

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GO-DADDY-COM-LLC7
2VNPT-VNNIC-VN6
3TencentCloud6
4KORNET-KR4
5broadNnet-KR3
6UNKNOWN3
7HO-23
8HINET-NET3
9CMNET3
10CHINANET-ZJ3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China42
2United States39
3France20
4Germany16
5India13
6Russian Federation11
7Viet Nam9
8South Korea7
9Canada7
10Brazil7

Suspected Bot List [2018-04-29]

detection period: 2018-04-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
VE190.202.116.101Venezuela

List from greylisting:

Sunday, April 29, 2018

Botnet Statistics [2018-04-28]

detection period: 2018-04-28 00:00-23:59 UTC
total number of suspected botnet IPs: 273
number of botnet IPs notified to network operators: 259
number of spam blocked: 29558
recipient count of spam blocked: 773858

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud8
2VNPT-VNNIC-VN6
3KORNET-KR6
4broadNnet-KR5
5AMAZON-2011L5
6FR-OVH-201505224
7OVH3
8FR-OVH-200609203
9CloudVsp3
10hcmccable-net2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States41
2China33
3France31
4Viet Nam13
5South Korea13
6Russian Federation12
7Germany12
8Italy8
9Brazil8
10Netherlands7

Suspected Bot List [2018-04-28]

detection period: 2018-04-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
VE190.202.116.101Venezuela

List from greylisting:

Saturday, April 28, 2018

Botnet Statistics [2018-04-27]

detection period: 2018-04-27 00:00-23:59 UTC
total number of suspected botnet IPs: 401
number of botnet IPs notified to network operators: 374
number of spam blocked: 34168
recipient count of spam blocked: 770611

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud12
2KORNET-KR10
3GO-DADDY-COM-LLC8
4VNPT-VNNIC-VN7
5LINODE-US5
6HINET-NET5
7TENCENT-CN4
8FR-OVH-201203204
9CO-EPME1-LACNIC4
10CO-ACSA-LACNIC4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States74
2China58
3France35
4Russian Federation23
5Brazil21
6South Korea17
7Germany14
8India13
9Viet Nam11
10Colombia10

Suspected Bot List [2018-04-27]

detection period: 2018-04-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 27

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US97.80.15.138United States

List from greylisting:

Friday, April 27, 2018

Botnet Statistics [2018-04-26]

detection period: 2018-04-26 00:00-23:59 UTC
total number of suspected botnet IPs: 417
number of botnet IPs notified to network operators: 395
number of spam blocked: 35958
recipient count of spam blocked: 872278

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR10
2GO-DADDY-COM-LLC10
3TencentCloud8
4LINODE-US8
5TENCENT-CN6
6CO-ACSA-LACNIC6
7broadNnet-KR5
8OVH5
9VNPT-VNNIC-VN4
10FR-OVH-201203204

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States76
2China59
3France37
4South Korea21
5Germany20
6Russian Federation18
7United Kingdom15
8Colombia14
9Canada12
10Netherlands11

Suspected Bot List [2018-04-26]

detection period: 2018-04-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US97.80.15.138United States
VE190.202.116.101Venezuela

List from greylisting:

Thursday, April 26, 2018

Botnet Statistics [2018-04-25]

detection period: 2018-04-25 00:00-23:59 UTC
total number of suspected botnet IPs: 457
number of botnet IPs notified to network operators: 439
number of spam blocked: 33574
recipient count of spam blocked: 760688

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR10
2GO-DADDY-COM-LLC10
3TencentCloud9
4LINODE-US8
5CO-ACSA-LACNIC8
6FR-OVH-201201167
7FR-OVH-200609207
8broadNnet-KR6
9OVH6
10FR-ILIAD-ENTREPRISES-CUSTOMERS6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States78
2France65
3China51
4Germany48
5United Kingdom23
6South Korea19
7Russian Federation17
8Canada15
9Colombia12
10Viet Nam10

Suspected Bot List [2018-04-25]

detection period: 2018-04-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, April 25, 2018

Botnet Statistics [2018-04-24]

detection period: 2018-04-24 00:00-23:59 UTC
total number of suspected botnet IPs: 118
number of botnet IPs notified to network operators: 109
number of spam blocked: 42662
recipient count of spam blocked: 901887

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR7
2TencentCloud4
3HINET-NET3
4broadNnet-KR2
5MSFT2
6DIX-CL2
7CHINANET-ZJ2
8CHINANET-GD2
9micronet1
10hcmccable-net1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China23
2United States16
3South Korea10
4India6
5France6
6Germany6
7Brazil6
8Russian Federation5
9Taiwan4
10United Kingdom4

Suspected Bot List [2018-04-24]

detection period: 2018-04-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US75.139.49.132United States
VE190.202.116.101Venezuela

List from greylisting:

Tuesday, April 24, 2018

Botnet Statistics [2018-04-23]

detection period: 2018-04-23 00:00-23:59 UTC
total number of suspected botnet IPs: 156
number of botnet IPs notified to network operators: 146
number of spam blocked: 36621
recipient count of spam blocked: 922580

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud7
2broadNnet-KR4
3CMNET4
4MSFT3
5KORNET-KR3
6CHINANET-GD3
7hcmccable-net2
8VNPT-VNNIC-VN2
9TENCENT-CN2
10TELKOMNET2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China31
2United States21
3South Korea10
4France9
5Russian Federation8
6Indonesia8
7Viet Nam7
8Brazil6
9India4
10Germany4

Suspected Bot List [2018-04-23]

detection period: 2018-04-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
VE190.202.116.101Venezuela

List from greylisting:

Monday, April 23, 2018

Botnet Statistics for March 2018

detection period: 2018-03-01 00:00 - 2018-03-31 23:59 UTC
total number of suspected botnet IPs: 1273
number of blocked spams: 1005516
recipient count of blocked spams: 26718540

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China251
2United States167
3South Korea139
4Viet Nam80
5France60
6Russian Federation40
7India39
8Brazil39
9Egypt26
10Germany26
11Indonesia25
12United Kingdom25
13Italy21
14Taiwan20
15Netherlands20
16Canada17
17Australia15
18Japan13
19Spain13
20Hong Kong11
21Argentina11
22Singapore10
23Ukraine9
24Thailand9
25Nigeria9

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China562224
2Czech Republic123991
3United States59945
4Venezuela58679
5Hong Kong54595
6Netherlands48164
7Brazil40364
8United Kingdom17635
9Ireland12149
10Seychelles4735
11Poland4587
12Tunisia4256
13Hungary3914
14Sweden2348
15Italy1663
16South Korea1636
17India1156
18ZZ1121
19France749
20Colombia465
21Pakistan183
22Egypt128
23Belgium103
24Saudi Arabia94
25Viet Nam82

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2018-04-22]

detection period: 2018-04-22 00:00-23:59 UTC
total number of suspected botnet IPs: 91
number of botnet IPs notified to network operators: 90
number of spam blocked: 23075
recipient count of spam blocked: 701705

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud4
2UNITEDPROTECTION-NET3
3CHINANET-ZJ3
4NETVIGATOR2
5KORNET-KR2
6HOSTWAY-052
7DXTNET2
8CHINANET-JX2
9CHINANET-JS2
10CHINANET-GD2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China28
2United States17
3Russian Federation6
4France5
5Viet Nam3
6South Korea3
7Brazil3
8Singapore2
9Hong Kong2
10United Kingdom2

Suspected Bot List [2018-04-22]

detection period: 2018-04-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, April 22, 2018

Botnet Statistics [2018-04-21]

detection period: 2018-04-21 00:00-23:59 UTC
total number of suspected botnet IPs: 99
number of botnet IPs notified to network operators: 93
number of spam blocked: 23429
recipient count of spam blocked: 701913

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud7
2KORNET-KR4
3CO-ACSA-LACNIC3
4BSNLNET3
5VNPT-VNNIC-VN2
6UNICOM-CN2
7TELKOMNET2
8LINTASARTA-NET2
9HOSTWAY-052
10DOPI12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China19
2United States13
3India8
4Indonesia8
5South Korea7
6Colombia4
7Viet Nam3
8Russian Federation3
9France3
10Brazil3

Suspected Bot List [2018-04-21]

detection period: 2018-04-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
VE190.202.116.101Venezuela

List from greylisting:

Saturday, April 21, 2018

Botnet Statistics [2018-04-20]

detection period: 2018-04-20 00:00-23:59 UTC
total number of suspected botnet IPs: 127
number of botnet IPs notified to network operators: 114
number of spam blocked: 29849
recipient count of spam blocked: 852465

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud11
2broadNnet-KR4
3KORNET-KR3
4CHINANET-ZJ3
5hcmccable-net2
6UNICOM-LN2
7TRIPLETNET-TH2
8TN-ATI-200612122
9THAINET-TH2
10TATACOMM-IN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China36
2United States17
3India10
4South Korea9
5France9
6Thailand5
7Russian Federation5
8Viet Nam4
9Indonesia4
10Canada3

Suspected Bot List [2018-04-20]

detection period: 2018-04-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
HK45.115.36.59Hong Kong
VE190.202.116.101Venezuela

List from greylisting:

Friday, April 20, 2018

Botnet Statistics [2018-04-19]

detection period: 2018-04-19 00:00-23:59 UTC
total number of suspected botnet IPs: 94
number of botnet IPs notified to network operators: 88
number of spam blocked: 41192
recipient count of spam blocked: 801680

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud7
2KORNET-KR5
3CHINANET-ZJ3
4broadNnet-KR2
5UCLOUD-NET2
6TIMCL-MM2
7NETVIGATOR2
8HOSTWAY-052
9hcmccable-net1
10VPSONLINE-VN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China23
2United States10
3South Korea7
4Russian Federation6
5France6
6Viet Nam5
7India4
8Hong Kong3
9Colombia3
10Brazil3

Suspected Bot List [2018-04-19]

detection period: 2018-04-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, April 19, 2018

Botnet Statistics [2018-04-18]

detection period: 2018-04-18 00:00-23:59 UTC
total number of suspected botnet IPs: 133
number of botnet IPs notified to network operators: 123
number of spam blocked: 46074
recipient count of spam blocked: 1221451

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud10
2KORNET-KR6
3GO-DADDY-COM-LLC4
4NETVIGATOR3
5CHINANET-ZJ3
6BSNLNET3
7UNICOM-CN2
8TIMCL-MM2
9THAINET-TH2
10MX-USCV4-LACNIC2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China27
2United States20
3South Korea10
4India10
5Russian Federation7
6Indonesia6
7Thailand5
8France5
9Brazil5
10Hong Kong4

Suspected Bot List [2018-04-18]

detection period: 2018-04-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
VE190.202.116.101Venezuela

List from greylisting:

Wednesday, April 18, 2018

Botnet Statistics [2018-04-17]

detection period: 2018-04-17 00:00-23:59 UTC
total number of suspected botnet IPs: 150
number of botnet IPs notified to network operators: 142
number of spam blocked: 27403
recipient count of spam blocked: 706179

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud8
2KORNET-KR5
3HINET-NET4
4CHINANET-ZJ4
5NETVIGATOR3
6MSFT3
7HOSTWAY-053
8GO-DADDY-COM-LLC3
9TIMCL-MM2
10TENCENT-CN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China35
2United States25
3India10
4Russian Federation9
5South Korea8
6France7
7Taiwan5
8Indonesia4
9Hong Kong4
10Brazil4

Tuesday, April 17, 2018

Botnet Statistics [2018-04-16]

detection period: 2018-04-16 00:00-23:59 UTC
total number of suspected botnet IPs: 104
number of botnet IPs notified to network operators: 100
number of spam blocked: 25981
recipient count of spam blocked: 741249

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1HINET-NET5
2TencentCloud3
3VNPT-VNNIC-VN2
4VE-CSVE-LACNIC2
5UNICOM-LN2
6UNICOM-CN2
7TN-ATI-200612122
8TATACOMM-IN2
9OVH2
10KORNET-KR2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China26
2United States14
3India7
4France6
5Taiwan5
6Viet Nam4
7South Korea4
8Brazil4
9Venezuela3
10Hong Kong3

Suspected Bot List [2018-04-16]

detection period: 2018-04-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, April 16, 2018

Botnet Statistics [2018-04-15]

detection period: 2018-04-15 00:00-23:59 UTC
total number of suspected botnet IPs: 101
number of botnet IPs notified to network operators: 89
number of spam blocked: 48959
recipient count of spam blocked: 1163371

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud5
2HINET-NET4
3KORNET-KR3
4CHINANET-GD3
5VNPT-VNNIC-VN2
6CMNET2
7CHINANET-ZJ2
8BEAMTELE-IN2
9broadNnet-KR1
10WASUHZ1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China24
2United States10
3France6
4Taiwan4
5South Korea4
6India4
7Argentina4
8Russian Federation3
9Germany3
10Colombia3

Suspected Bot List [2018-04-15]

detection period: 2018-04-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, April 15, 2018

Botnet Statistics [2018-04-14]

detection period: 2018-04-14 00:00-23:59 UTC
total number of suspected botnet IPs: 83
number of botnet IPs notified to network operators: 80
number of spam blocked: 40047
recipient count of spam blocked: 1115176

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ3
2broadNnet-KR2
3TencentCloud2
4CMNET2
5CHINANET-TJ2
6Xpeed-KR1
7VIS-70-1041
8VE-CSVE-LACNIC1
9VBG-NET1
10UNITEDPROTECTION-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China21
2United States12
3South Korea5
4Brazil5
5Colombia4
6United Kingdom3
7France3
8Germany3
9Canada3
10Bulgaria3

Suspected Bot List [2018-04-14]

detection period: 2018-04-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, April 14, 2018

Botnet Statistics [2018-04-13]

detection period: 2018-04-13 00:00-23:59 UTC
total number of suspected botnet IPs: 105
number of botnet IPs notified to network operators: 99
number of spam blocked: 33778
recipient count of spam blocked: 953935

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud5
2UCLOUD-NET3
3OVH3
4HINET-NET3
5UNICOM-CN2
6TENCENT-CN2
7CHINANET-ZJ2
8CHINANET-GD2
9YUNIFY-NET1
10Xpeed-KR1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China30
2United States13
3France6
4Taiwan4
5Russian Federation4
6Italy4
7Hong Kong4
8Germany4
9Turkey3
10India3

Suspected Bot List [2018-04-13]

detection period: 2018-04-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, April 13, 2018

Botnet Statistics [2018-04-12]

detection period: 2018-04-12 00:00-23:59 UTC
total number of suspected botnet IPs: 109
number of botnet IPs notified to network operators: 100
number of spam blocked: 49195
recipient count of spam blocked: 1334823

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ4
2TencentCloud3
3MSFT3
4broadNnet-KR2
5VNPT-VNNIC-VN2
6TENCENT-CN2
7TATACOMM-IN2
8KORNET-KR2
9HOSTWAY-052
10CHINANET-JS2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China28
2United States20
3Russian Federation7
4India7
5South Korea6
6Brazil5
7Viet Nam4
8Indonesia3
9Hong Kong3
10France3

Suspected Bot List [2018-04-12]

detection period: 2018-04-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Thursday, April 12, 2018

Botnet Statistics [2018-04-11]

detection period: 2018-04-11 00:00-23:59 UTC
total number of suspected botnet IPs: 194
number of botnet IPs notified to network operators: 178
number of spam blocked: 47468
recipient count of spam blocked: 1338129

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud8
2MSFT5
3KORNET-KR5
4JDCOM4
5HOSTWAY-054
6FR-OVH-200609204
7broadNnet-KR3
8DOPI13
9CHINANET-JS3
10ULTICLOUD2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China37
2United States33
3Russian Federation11
4South Korea11
5France11
6Indonesia10
7India8
8Taiwan6
9United Kingdom5
10Germany5

Suspected Bot List [2018-04-11]

detection period: 2018-04-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
US148.72.144.18United States

List from greylisting:

Wednesday, April 11, 2018

Botnet Statistics [2018-04-10]

detection period: 2018-04-10 00:00-23:59 UTC
total number of suspected botnet IPs: 110
number of botnet IPs notified to network operators: 92
number of spam blocked: 49545
recipient count of spam blocked: 1313568

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud4
2CHINANET-ZJ4
3MSFT3
4ULTICLOUD2
5NETVIGATOR2
6KORNET-KR2
7JDCOM2
8C_and_C_Advanced_Online_Services_Ltd2
9VODAFONE-IT-631
10VELTON-TC-LUGANSK-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China22
2United States18
3Russian Federation8
4India7
5Germany6
6France5
7Viet Nam3
8South Korea3
9Indonesia3
10Hong Kong3

Suspected Bot List [2018-04-10]

detection period: 2018-04-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
US148.72.144.18United States

List from greylisting:

Tuesday, April 10, 2018

Botnet Statistics [2018-04-09]

detection period: 2018-04-09 00:00-23:59 UTC
total number of suspected botnet IPs: 84
number of botnet IPs notified to network operators: 79
number of spam blocked: 54252
recipient count of spam blocked: 1181687

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN5
2LAOTELECOM3
3UNICOM-SD2
4UNICOM-LN2
5UNICOM-CN2
6RU-AVANGARD-DSL2
7MSFT2
8HINET-NET2
9Cyanlink2
10CMNET2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China15
2United States8
3Russian Federation8
4Viet Nam7
5France7
6Brazil5
7Laos3
8United Kingdom3
9Taiwan2
10South Korea2

Suspected Bot List [2018-04-09]

detection period: 2018-04-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Monday, April 9, 2018

Botnet Statistics [2018-04-08]

detection period: 2018-04-08 00:00-23:59 UTC
total number of suspected botnet IPs: 164
number of botnet IPs notified to network operators: 146
number of spam blocked: 42668
recipient count of spam blocked: 1277345

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1MSFT5
2TencentCloud4
3HINET-NET4
4Bofinet-Wifi-FTTx4
5hcmccable-net3
6broadNnet-KR3
7TENCENT-CN3
8TEDATA-200911053
9DOPI13
10DIGITALOCEAN-AP3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China32
2United States16
3India14
4Russian Federation10
5Indonesia7
6Viet Nam6
7South Korea6
8Singapore5
9United Kingdom5
10France5

Suspected Bot List [2018-04-08]

detection period: 2018-04-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
US148.72.144.18United States

List from greylisting:

Sunday, April 8, 2018

Botnet Statistics [2018-04-07]

detection period: 2018-04-07 00:00-23:59 UTC
total number of suspected botnet IPs: 167
number of botnet IPs notified to network operators: 158
number of spam blocked: 39068
recipient count of spam blocked: 1170112

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud12
2MSFT7
3VNPT-VNNIC-VN5
4KORNET-KR4
5HOSTWAY-054
6broadNnet-KR3
7TENCENT-CN3
8HINET-NET3
9GO-DADDY-COM-LLC3
10CHINANET-JS3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China42
2United States27
3Indonesia10
4Viet Nam9
5Russian Federation8
6South Korea7
7France7
8India6
9Brazil5
10Taiwan4

Suspected Bot List [2018-04-07]

detection period: 2018-04-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Saturday, April 7, 2018

Botnet Statistics [2018-04-06]

detection period: 2018-04-06 00:00-23:59 UTC
total number of suspected botnet IPs: 141
number of botnet IPs notified to network operators: 131
number of spam blocked: 41798
recipient count of spam blocked: 1170854

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud5
2MSFT4
3broadNnet-KR3
4VNPT-VNNIC-VN3
5KORNET-KR3
6HINET-NET3
7SO-NET2
8NETVIGATOR2
9LINTASARTA-NET2
10HOSTWAY-052

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China29
2United States15
3South Korea9
4Indonesia8
5France7
6Germany7
7India6
8Brazil5
9Viet Nam4
10Taiwan3

Suspected Bot List [2018-04-06]

detection period: 2018-04-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KW37.34.243.227Kuwait
SA188.53.163.228Saudi Arabia

List from greylisting:

Friday, April 6, 2018

Botnet Statistics [2018-04-05]

detection period: 2018-04-05 00:00-23:59 UTC
total number of suspected botnet IPs: 221
number of botnet IPs notified to network operators: 207
number of spam blocked: 46447
recipient count of spam blocked: 1208066

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud6
2KORNET-KR6
3broadNnet-KR5
4CHINANET-ZJ5
5VNPT-VNNIC-VN4
6UCLOUD-NET4
7CMNET4
8UNICOM-GD3
9MSFT3
10LGTELECOM-KR3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China46
2United States29
3South Korea18
4Viet Nam11
5Russian Federation11
6France11
7India9
8Indonesia7
9Brazil7
10Taiwan5

Suspected Bot List [2018-04-05]

detection period: 2018-04-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KW37.34.243.227Kuwait
MN202.170.70.8Mongolia
RS178.149.102.210Serbia
SA188.53.163.228Saudi Arabia
SA212.76.76.242Saudi Arabia
US96.37.155.42United States

List from greylisting:

Thursday, April 5, 2018

Botnet Statistics [2018-04-04]

detection period: 2018-04-04 00:00-23:59 UTC
total number of suspected botnet IPs: 146
number of botnet IPs notified to network operators: 133
number of spam blocked: 44691
recipient count of spam blocked: 1209331

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud6
2VNPT-VNNIC-VN5
3UCLOUD-NET3
4MSFT3
5LGTELECOM-KR3
6CHINANET-ZJ3
7BORANET-KR3
8VE-CSVE-LACNIC2
9TLKM_NASIONAL_180_RESERVED2
10TENCENT-CN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China29
2United States20
3India12
4France11
5Viet Nam10
6South Korea9
7Indonesia6
8Russian Federation4
9Canada4
10Brazil4

Suspected Bot List [2018-04-04]

detection period: 2018-04-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 13

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA129.208.217.199Saudi Arabia
SA188.50.130.43Saudi Arabia
SA212.76.76.242Saudi Arabia
US97.80.15.138United States

List from greylisting:

Wednesday, April 4, 2018

Botnet Statistics [2018-04-03]

detection period: 2018-04-03 00:00-23:59 UTC
total number of suspected botnet IPs: 164
number of botnet IPs notified to network operators: 153
number of spam blocked: 41918
recipient count of spam blocked: 1080702

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR15
2TencentCloud8
3VNPT-VNNIC-VN6
4broadNnet-KR2
5TENCENT-CN2
6TELKOMNET2
7RRNY2
8HINET-NET2
9FR-OVH-201208232
10FR-OVH-201001192

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China30
2United States21
3South Korea20
4France9
5Viet Nam8
6Russian Federation6
7India6
8Indonesia6
9United Kingdom5
10Germany4

Suspected Bot List [2018-04-03]

detection period: 2018-04-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR200.63.36.151Argentina
CZ185.82.212.95Czech Republic
IN202.62.76.14India
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
SA212.76.76.242Saudi Arabia
SA213.181.172.244Saudi Arabia
TN196.234.189.16Tunisia

List from greylisting:

Tuesday, April 3, 2018

Botnet Statistics [2018-04-02]

detection period: 2018-04-02 00:00-23:59 UTC
total number of suspected botnet IPs: 252
number of botnet IPs notified to network operators: 232
number of spam blocked: 38331
recipient count of spam blocked: 1087928

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR18
2TencentCloud11
3VNPT-VNNIC-VN5
4UCLOUD-NET5
5TENCENT-CN4
6KORNET-KR4
7NETVIGATOR3
8NETBLK-CHARTER-NET3
9HOSTWAY-053
10HINET-NET3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China50
2United States31
3South Korea30
4France13
5Russian Federation12
6United Kingdom11
7India9
8Viet Nam8
9Taiwan8
10Netherlands6

Suspected Bot List [2018-04-02]

detection period: 2018-04-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
EG41.65.218.72Egypt
IN202.62.76.14India
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA212.76.76.242Saudi Arabia
SA213.181.172.244Saudi Arabia
TN196.234.189.16Tunisia
US97.80.15.138United States
VE190.202.116.101Venezuela

List from greylisting:

Monday, April 2, 2018

Botnet Statistics [2018-04-01]

detection period: 2018-04-01 00:00-23:59 UTC
total number of suspected botnet IPs: 99
number of botnet IPs notified to network operators: 91
number of spam blocked: 52897
recipient count of spam blocked: 1107540

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN3
2TencentCloud3
3KORNET-KR3
4DOPI13
5CHINANET-ZJ3
6CHINANET-JS3
7broadNnet-KR2
8TimeNet2
9NETVIGATOR2
10HINET-NET2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China24
2United States12
3Viet Nam7
4Russian Federation6
5Netherlands5
6South Korea5
7India5
8United Kingdom5
9France5
10Taiwan3

Suspected Bot List [2018-04-01]

detection period: 2018-04-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Sunday, April 1, 2018

Botnet Statistics [2018-03-31]

detection period: 2018-03-31 00:00-23:59 UTC
total number of suspected botnet IPs: 65
number of botnet IPs notified to network operators: 62
number of spam blocked: 50403
recipient count of spam blocked: 1161190

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud7
2CHINANET-ZJ4
3VNPT-VNNIC-VN2
4UNICOM-LN2
5MSFT2
6CHINANET-JS2
7010.379.340/0001-292
8Xpeed-KR1
9WHF-NETWORK1
10VE-CSVE-LACNIC1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China30
2United States8
3Indonesia3
4Viet Nam2
5Israel2
6Brazil2
7Venezuela1
8Taiwan1
9Thailand1
10Singapore1

Suspected Bot List [2018-03-31]

detection period: 2018-03-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
VE190.202.116.101Venezuela

List from greylisting: