Custom Search

Friday, August 31, 2018

Botnet Statistics [2018-08-30]

detection period: 2018-08-30 00:00-23:59 UTC
total number of suspected botnet IPs: 599
number of botnet IPs notified to network operators: 548
number of spam blocked: 2136
recipient count of spam blocked: 62964

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud26
2KORNET-KR15
3CMNET15
4CO-ACSA-LACNIC14
5TENCENT-CN10
6GO-DADDY-COM-LLC9
7BSNLNET7
8HINET-NET6
9CHINANET-SH6
10CHINANET-GD6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China181
2United States74
3France45
4South Korea24
5Colombia24
6Italy22
7India19
8Brazil18
9Viet Nam15
10Indonesia12

Suspected Bot List [2018-08-30]

detection period: 2018-08-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 51

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, August 30, 2018

Botnet Statistics [2018-08-29]

detection period: 2018-08-29 00:00-23:59 UTC
total number of suspected botnet IPs: 491
number of botnet IPs notified to network operators: 449
number of spam blocked: 3614
recipient count of spam blocked: 108394

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud17
2KORNET-KR16
3CO-ACSA-LACNIC9
4TENCENT-CN8
5CMNET8
6CHINANET-GD8
7VNPT-VNNIC-VN7
8HO-25
9HINET-NET5
10GOOGLE-CLOUD5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China125
2United States49
3France44
4South Korea34
5Viet Nam22
6Brazil20
7India19
8Colombia16
9Russian Federation14
10Italy14

Suspected Bot List [2018-08-29]

detection period: 2018-08-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 43

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, August 29, 2018

Botnet Statistics [2018-08-28]

detection period: 2018-08-28 00:00-23:59 UTC
total number of suspected botnet IPs: 401
number of botnet IPs notified to network operators: 357
number of spam blocked: 4059
recipient count of spam blocked: 121770

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud18
2KORNET-KR18
3CMNET7
4CHINANET-GD7
5TENCENT-CN6
6FR-OVH-200103025
7Baidu5
8UNKNOWN4
9TELKOMNET4
10OVH4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China92
2France40
3United States32
4South Korea27
5India21
6Canada15
7Indonesia14
8Brazil14
9Italy13
10Viet Nam11

Suspected Bot List [2018-08-28]

detection period: 2018-08-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 47

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, August 28, 2018

Botnet Statistics [2018-08-27]

detection period: 2018-08-27 00:00-23:59 UTC
total number of suspected botnet IPs: 292
number of botnet IPs notified to network operators: 272
number of spam blocked: 3555
recipient count of spam blocked: 106650

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud13
2KORNET-KR10
3CHINANET-GD9
4VNPT-VNNIC-VN7
5OVH5
6FR-OVH5
7CMNET5
8Baidu5
9UNICOM-LN4
10TENCENT-CN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China89
2France31
3United States22
4South Korea18
5India13
6Viet Nam11
7Brazil11
8United Kingdom9
9Canada9
10Russian Federation6

Suspected Bot List [2018-08-27]

detection period: 2018-08-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DE89.197.1.54Germany

List from greylisting:

Monday, August 27, 2018

Botnet Statistics [2018-08-26]

detection period: 2018-08-26 00:00-23:59 UTC
total number of suspected botnet IPs: 206
number of botnet IPs notified to network operators: 188
number of spam blocked: 5798
recipient count of spam blocked: 116837

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud13
2CHINANET-GD10
3CMNET8
4KORNET-KR6
5Baidu5
6UNKNOWN4
7TENCENT-CN3
8CHINANET-SC3
9CABLE-13
10VNPT-VNNIC-VN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China83
2United States20
3South Korea10
4France9
5India7
6Brazil6
7Russian Federation5
8United Kingdom5
9Viet Nam4
10Australia4

Suspected Bot List [2018-08-26]

detection period: 2018-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, August 26, 2018

Botnet Statistics [2018-08-25]

detection period: 2018-08-25 00:00-23:59 UTC
total number of suspected botnet IPs: 251
number of botnet IPs notified to network operators: 230
number of spam blocked: 3451
recipient count of spam blocked: 103530

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud18
2VNPT-VNNIC-VN9
3KORNET-KR6
4CMNET6
5CHINANET-GD6
6TENCENT-CN5
7Baidu4
8UNICOM-JS3
9UNICOM-CN3
10CHINANET-ZJ3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China95
2United States25
3Viet Nam11
4France11
5South Korea10
6Russian Federation8
7India8
8Brazil5
9Ukraine4
10Taiwan4

Suspected Bot List [2018-08-25]

detection period: 2018-08-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, August 25, 2018

Botnet Statistics for July 2018

detection period: 2018-07-01 00:00 - 2018-07-31 23:59 UTC
total number of suspected botnet IPs: 4480
number of blocked spams: 717055
recipient count of blocked spams: 19316862

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China915
2United States607
3France303
4Brazil225
5South Korea186
6Russian Federation172
7Viet Nam155
8India135
9Italy124
10Germany112
11Canada92
12United Kingdom90
13Indonesia83
14Netherlands79
15Ecuador79
16Egypt70
17Thailand62
18Colombia62
19Taiwan56
20Poland46
21Spain46
22Mexico34
23Ukraine32
24Singapore32
25Chile32

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China579591
2Italy81571
3United States30271
4Venezuela14385
5Tunisia6009
6South Korea1729
7ZZ1268
8Colombia986
9South Africa500
10India383
11Saudi Arabia203
12Netherlands85
13United Kingdom25
14France13
15Spain10
16Russian Federation4
17Brazil4
18Taiwan3
19Singapore2
20Sweden2
21Indonesia2
22Poland1
23Nigeria1
24Iran1
25Ecuador1

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2018-08-24]

detection period: 2018-08-24 00:00-23:59 UTC
total number of suspected botnet IPs: 392
number of botnet IPs notified to network operators: 369
number of spam blocked: 10385
recipient count of spam blocked: 284730

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud20
2KORNET-KR9
3Baidu7
4HO-26
5CMNET6
6CHINANET-GD6
7broadNnet-KR5
8TENCENT-CN5
9HINET-NET5
10VNPT-VNNIC-VN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China105
2United States41
3France31
4South Korea20
5Brazil18
6Viet Nam12
7Italy12
8India12
9Canada12
10Russian Federation8

Suspected Bot List [2018-08-24]

detection period: 2018-08-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 24

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2018-08-23]

detection period: 2018-08-23 00:00-23:59 UTC
total number of suspected botnet IPs: 408
number of botnet IPs notified to network operators: 378
number of spam blocked: 6527
recipient count of spam blocked: 241865

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud15
2Baidu11
3KORNET-KR8
4CMNET7
5AT-88-Z7
6VNPT-VNNIC-VN6
7MSFT5
8GO-DADDY-COM-LLC5
9CHINANET-JS5
10CHINANET-GD5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China99
2United States58
3France32
4Brazil22
5South Korea17
6Viet Nam15
7India14
8Italy11
9Indonesia11
10Canada11

Suspected Bot List [2018-08-23]

detection period: 2018-08-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 33

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ES88.26.216.95Spain

List from greylisting:

Friday, August 24, 2018

Botnet Statistics [2018-08-22]

detection period: 2018-08-22 00:00-23:59 UTC
total number of suspected botnet IPs: 294
number of botnet IPs notified to network operators: 260
number of spam blocked: 3732
recipient count of spam blocked: 130127

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR9
2TencentCloud6
3MTN-Nigeria6
4CMNET6
5CHINANET-GD6
6OVH4
7GOOGLE-CLOUD4
8BSNLNET4
9VPS_Customers_KV_Solutions3
10UNKNOWN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China67
2United States39
3France22
4Russian Federation12
5South Korea12
6Netherlands10
7Italy10
8Viet Nam9
9India9
10Brazil8

Suspected Bot List [2018-08-22]

detection period: 2018-08-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, August 22, 2018

Botnet Statistics [2018-08-21]

detection period: 2018-08-21 00:00-23:59 UTC
total number of suspected botnet IPs: 215
number of botnet IPs notified to network operators: 193
number of spam blocked: 18240
recipient count of spam blocked: 546794

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud6
2CHINANET-GD6
3VNPT-VNNIC-VN5
4KORNET-KR5
5002.558.134/0001-584
6MSFT3
7BHARTI-IN3
8Wotone2
9WITRIBE2
10UNICOM-LN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China45
2United States22
3Brazil13
4France12
5India11
6South Korea8
7Viet Nam6
8Russian Federation6
9United Kingdom6
10Germany6

Suspected Bot List [2018-08-21]

detection period: 2018-08-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, August 21, 2018

Botnet Statistics [2018-08-20]

detection period: 2018-08-20 00:00-23:59 UTC
total number of suspected botnet IPs: 282
number of botnet IPs notified to network operators: 250
number of spam blocked: 27608
recipient count of spam blocked: 852587

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud18
2CHINANET-GD9
3TENCENT-CN8
4KORNET-KR7
5CMNET6
6VNPT-VNNIC-VN4
7LLU-POOL-KLN4
8IUNET44
9LLU-POOL-LSF3
10HO-23

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China97
2France20
3United States15
4Netherlands13
5Brazil13
6South Korea10
7Canada9
8Viet Nam8
9Indonesia7
10India6

Suspected Bot List [2018-08-20]

detection period: 2018-08-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
FR185.216.26.151France

List from greylisting:

Monday, August 20, 2018

Botnet Statistics [2018-08-19]

detection period: 2018-08-19 00:00-23:59 UTC
total number of suspected botnet IPs: 406
number of botnet IPs notified to network operators: 363
number of spam blocked: 24129
recipient count of spam blocked: 739011

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud32
2KORNET-KR12
3TENCENT-CN10
4GO-DADDY-COM-LLC7
5CHINANET-GD7
6UCLOUD-NET6
7NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK6
8CMNET6
9HINET-NET5
10Baidu5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China126
2United States46
3France40
4South Korea22
5Brazil18
6India15
7Viet Nam11
8Netherlands9
9Indonesia9
10Germany9

Suspected Bot List [2018-08-19]

detection period: 2018-08-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 46

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
FR185.216.26.151France

List from greylisting:

Sunday, August 19, 2018

Botnet Statistics [2018-08-18]

detection period: 2018-08-18 00:00-23:59 UTC
total number of suspected botnet IPs: 454
number of botnet IPs notified to network operators: 408
number of spam blocked: 25346
recipient count of spam blocked: 766366

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud24
2KORNET-KR17
3CMNET10
4Baidu10
5VNPT-VNNIC-VN8
6TENCENT-CN7
7CHINANET-GD7
8GO-DADDY-COM-LLC6
9HO-25
10broadNnet-KR4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China128
2France45
3United States42
4South Korea26
5India16
6Indonesia16
7Brazil16
8Viet Nam15
9Russian Federation11
10Italy11

Suspected Bot List [2018-08-18]

detection period: 2018-08-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 46

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, August 18, 2018

Botnet Statistics [2018-08-17]

detection period: 2018-08-17 00:00-23:59 UTC
total number of suspected botnet IPs: 318
number of botnet IPs notified to network operators: 285
number of spam blocked: 16674
recipient count of spam blocked: 499600

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud21
2KORNET-KR12
3TENCENT-CN5
4Baidu5
5SINNET4
6IUNET44
7CO-ETBE-LACNIC4
8CMNET4
9CHINANET-SH4
10VNPT-VNNIC-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China96
2United States33
3France31
4South Korea19
5India19
6Indonesia10
7Italy9
8United Kingdom8
9Viet Nam7
10Colombia7

Suspected Bot List [2018-08-17]

detection period: 2018-08-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 33

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
FR185.216.26.151France

List from greylisting:

Friday, August 17, 2018

Botnet Statistics [2018-08-16]

detection period: 2018-08-16 00:00-23:59 UTC
total number of suspected botnet IPs: 290
number of botnet IPs notified to network operators: 272
number of spam blocked: 16650
recipient count of spam blocked: 544633

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud19
2KORNET-KR6
3Baidu6
4CMNET5
5VNPT-VNNIC-VN4
6UCLOUD-NET4
7CHINANET-JS4
8CHINANET-GD4
9TENCENT-CN3
10FR-OVH-200609203

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China95
2United States25
3France21
4Russian Federation10
5Italy10
6Germany10
7Brazil10
8South Korea9
9Netherlands7
10India7

Suspected Bot List [2018-08-16]

detection period: 2018-08-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DE89.197.1.54Germany

List from greylisting:

Thursday, August 16, 2018

Botnet Statistics [2018-08-15]

detection period: 2018-08-15 00:00-23:59 UTC
total number of suspected botnet IPs: 347
number of botnet IPs notified to network operators: 315
number of spam blocked: 17673
recipient count of spam blocked: 530952

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud15
2KORNET-KR8
3TENCENT-CN7
4GOOGLE-CLOUD6
5CHINANET-JS6
6VNPT-VNNIC-VN5
7LLU-POOL-KLN5
8CMNET5
9UCLOUD-NET4
10TELKOMNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China83
2United States45
3France27
4India19
5South Korea17
6Netherlands14
7Italy12
8Brazil12
9Russian Federation11
10Viet Nam10

Suspected Bot List [2018-08-15]

detection period: 2018-08-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, August 15, 2018

Botnet Statistics [2018-08-14]

detection period: 2018-08-14 00:00-23:59 UTC
total number of suspected botnet IPs: 449
number of botnet IPs notified to network operators: 415
number of spam blocked: 13971
recipient count of spam blocked: 420349

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud20
2KORNET-KR13
3CMNET8
4VNPT-VNNIC-VN6
5TENCENT-CN5
6HINET-NET5
7GOOGLE-CLOUD5
8Baidu5
9broadNnet-KR4
10ONLINE_NET_DEDICATED_SERVERS4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China104
2United States63
3France48
4South Korea26
5India22
6Brazil18
7Italy14
8Viet Nam13
9Russian Federation13
10Indonesia13

Suspected Bot List [2018-08-14]

detection period: 2018-08-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2018-08-13]

detection period: 2018-08-13 00:00-23:59 UTC
total number of suspected botnet IPs: 369
number of botnet IPs notified to network operators: 335
number of spam blocked: 12529
recipient count of spam blocked: 396901

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud18
2KORNET-KR10
3TENCENT-CN8
4FR-OVH-200609206
5ONLINE_NET_DEDICATED_SERVERS5
6CHINANET-GD5
7HINET-NET4
8GOOGLE-CLOUD4
9GO-DADDY-COM-LLC4
10CMNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China88
2United States47
3France39
4Italy16
5South Korea14
6Russian Federation13
7Canada13
8India11
9Indonesia10
10Thailand9

Suspected Bot List [2018-08-13]

detection period: 2018-08-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, August 13, 2018

Botnet Statistics [2018-08-12]

detection period: 2018-08-12 00:00-23:59 UTC
total number of suspected botnet IPs: 375
number of botnet IPs notified to network operators: 337
number of spam blocked: 13439
recipient count of spam blocked: 436493

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR12
2TencentCloud10
3TENCENT-CN7
4CHINANET-GD6
5broadNnet-KR5
6VNPT-VNNIC-VN4
7TELKOMNET4
8HINET-NET4
9EC-ANSA-LACNIC4
10CO-EPME1-LACNIC4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China79
2United States40
3France34
4South Korea25
5Italy18
6Brazil15
7Indonesia13
8Russian Federation12
9Colombia11
10India9

Suspected Bot List [2018-08-12]

detection period: 2018-08-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 38

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, August 12, 2018

Botnet Statistics [2018-08-11]

detection period: 2018-08-11 00:00-23:59 UTC
total number of suspected botnet IPs: 401
number of botnet IPs notified to network operators: 366
number of spam blocked: 16816
recipient count of spam blocked: 602308

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud17
2KORNET-KR13
3broadNnet-KR5
4CHINANET-SH5
5CHINANET-SC5
6UNICOM-JS4
7NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK4
8FR-OVH-201505224
9FR-OVH4
10CO-ACSA-LACNIC4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China96
2France50
3United States38
4South Korea27
5Italy17
6Russian Federation13
7Brazil13
8Viet Nam9
9India9
10Indonesia9

Suspected Bot List [2018-08-11]

detection period: 2018-08-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, August 11, 2018

Botnet Statistics [2018-08-10]

detection period: 2018-08-10 00:00-23:59 UTC
total number of suspected botnet IPs: 390
number of botnet IPs notified to network operators: 358
number of spam blocked: 11315
recipient count of spam blocked: 339044

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud13
2KORNET-KR11
3CHINANET-GD7
4VNPT-VNNIC-VN5
5FR-OVH5
6TENCENT-CN4
7HINET-NET4
8GO-DADDY-COM-LLC4
9FR-OVH-200609204
10CHINANET-JS4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China82
2France43
3United States37
4South Korea20
5Brazil16
6Italy15
7India15
8Indonesia14
9Viet Nam12
10Netherlands12

Suspected Bot List [2018-08-10]

detection period: 2018-08-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 33

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, August 10, 2018

Botnet Statistics [2018-08-09]

detection period: 2018-08-09 00:00-23:59 UTC
total number of suspected botnet IPs: 459
number of botnet IPs notified to network operators: 424
number of spam blocked: 15648
recipient count of spam blocked: 468724

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud21
2KORNET-KR16
3CHINANET-JS9
4CMNET7
5Baidu7
6VNPT-VNNIC-VN6
7broadNnet-KR5
8CHINANET-SH5
9BSNLNET5
10TELKOMNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China129
2United States39
3France39
4India28
5South Korea27
6Italy21
7Brazil20
8Viet Nam18
9Indonesia14
10Russian Federation13

Suspected Bot List [2018-08-09]

detection period: 2018-08-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 35

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CA167.114.161.24Canada

List from greylisting:

Thursday, August 9, 2018

Botnet Statistics [2018-08-08]

detection period: 2018-08-08 00:00-23:59 UTC
total number of suspected botnet IPs: 353
number of botnet IPs notified to network operators: 322
number of spam blocked: 18650
recipient count of spam blocked: 558862

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud16
2KORNET-KR14
3VNPT-VNNIC-VN7
4CHINANET-JS6
5TENCENT-CN5
6UNICOM-JS4
7MX-USCV4-LACNIC4
8GO-DADDY-COM-LLC4
9FR-OVH-200609204
10CHINANET-SH4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China99
2United States41
3France28
4South Korea21
5India16
6Viet Nam15
7Russian Federation13
8Brazil10
9Indonesia8
10Italy7

Suspected Bot List [2018-08-08]

detection period: 2018-08-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Wednesday, August 8, 2018

Botnet Statistics [2018-08-07]

detection period: 2018-08-07 00:00-23:59 UTC
total number of suspected botnet IPs: 444
number of botnet IPs notified to network operators: 401
number of spam blocked: 13380
recipient count of spam blocked: 400907

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud21
2KORNET-KR15
3GO-DADDY-COM-LLC8
4TENCENT-CN7
5CHINANET-GD7
6CMNET6
7CHINANET-SH6
8CHINANET-JS6
9broadNnet-KR5
10HINET-NET5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China107
2United States60
3France40
4South Korea27
5Brazil16
6Indonesia14
7Viet Nam13
8India13
9United Kingdom13
10Russian Federation11

Suspected Bot List [2018-08-07]

detection period: 2018-08-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 44

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Botnet Statistics [2018-08-06]

detection period: 2018-08-06 00:00-23:59 UTC
total number of suspected botnet IPs: 411
number of botnet IPs notified to network operators: 367
number of spam blocked: 18051
recipient count of spam blocked: 539094

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud15
2KORNET-KR15
3CMNET7
4DO-136
5CHINANET-GD6
6HINET-NET5
7EC-ANSA-LACNIC5
8TENCENT-CN4
9SELECTEL-NET4
10HO-24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China77
2United States46
3France40
4South Korea33
5Brazil21
6Russian Federation18
7India17
8Indonesia13
9Italy10
10Viet Nam9

Suspected Bot List [2018-08-06]

detection period: 2018-08-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 44

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, August 6, 2018

Botnet Statistics [2018-08-05]

detection period: 2018-08-05 00:00-23:59 UTC
total number of suspected botnet IPs: 313
number of botnet IPs notified to network operators: 282
number of spam blocked: 27948
recipient count of spam blocked: 837415

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud14
2KORNET-KR11
3CMNET9
4HINET-NET6
5CHINANET-SH5
6broadNnet-KR4
7THAINET-TH4
8FR-OVH-201203204
9DO-134
10CHINANET-JS4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China74
2United States38
3South Korea23
4France20
5Brazil14
6India13
7Italy12
8Russian Federation10
9Germany10
10Thailand8

Suspected Bot List [2018-08-05]

detection period: 2018-08-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ZA197.169.27.128South Africa

List from greylisting:

Sunday, August 5, 2018

Botnet Statistics [2018-08-04]

detection period: 2018-08-04 00:00-23:59 UTC
total number of suspected botnet IPs: 469
number of botnet IPs notified to network operators: 420
number of spam blocked: 24213
recipient count of spam blocked: 725665

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud20
2KORNET-KR19
3CMNET8
4TENCENT-CN7
5OVH7
6CHINANET-JS6
7VNPT-VNNIC-VN5
8UNKNOWN5
9UNICOM-CN5
10NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China119
2United States51
3France39
4South Korea30
5India21
6Italy17
7Russian Federation15
8Netherlands15
9Viet Nam13
10Indonesia11

Suspected Bot List [2018-08-04]

detection period: 2018-08-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 50

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CN115.231.16.138China
CN115.231.16.175China

List from greylisting:

Saturday, August 4, 2018

Botnet Statistics [2018-08-03]

detection period: 2018-08-03 00:00-23:59 UTC
total number of suspected botnet IPs: 383
number of botnet IPs notified to network operators: 346
number of spam blocked: 23588
recipient count of spam blocked: 678469

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud22
2KORNET-KR10
3CHINANET-GD8
4CHINANET-SH5
5broadNnet-KR4
6VNPT-VNNIC-VN4
7TENCENT-CN4
8CHINANET-JS4
9CABLE-14
10BHARTI-IN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China108
2United States38
3France28
4South Korea21
5India19
6Brazil18
7Russian Federation12
8Viet Nam9
9United Kingdom9
10Germany9

Suspected Bot List [2018-08-03]

detection period: 2018-08-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 37

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, August 3, 2018

Botnet Statistics [2018-08-02]

detection period: 2018-08-02 00:00-23:59 UTC
total number of suspected botnet IPs: 436
number of botnet IPs notified to network operators: 396
number of spam blocked: 28867
recipient count of spam blocked: 640134

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud31
2KORNET-KR15
3VNPT-VNNIC-VN7
4Baidu7
5HINET-NET5
6CHINANET-JX5
7000.065.376/0002-655
8TELKOMNET4
9IUNET44
10GO-DADDY-COM-LLC4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China99
2France40
3United States39
4Brazil26
5South Korea23
6Indonesia17
7Russian Federation16
8Viet Nam15
9Italy14
10India12

Suspected Bot List [2018-08-02]

detection period: 2018-08-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 41

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, August 2, 2018

Botnet Statistics [2018-08-01]

detection period: 2018-08-01 00:00-23:59 UTC
total number of suspected botnet IPs: 401
number of botnet IPs notified to network operators: 360
number of spam blocked: 25254
recipient count of spam blocked: 501405

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud24
2KORNET-KR12
3Baidu11
4TENCENT-CN9
5HINET-NET5
6CABLE-15
7VNPT-VNNIC-VN4
8UCLOUD-NET4
9GO-DADDY-COM-LLC4
10CMNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China112
2United States46
3France35
4South Korea22
5India19
6Brazil15
7Russian Federation12
8United Kingdom11
9Canada10
10Italy9

Suspected Bot List [2018-08-01]

detection period: 2018-08-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 41

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ZA105.4.1.157South Africa

List from greylisting:

Wednesday, August 1, 2018

Suspected Bots' IP List for July 2018

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2018-07-01]
Suspected Bots IP [2018-07-02]
Suspected Bots IP [2018-07-03]
Suspected Bots IP [2018-07-04]
Suspected Bots IP [2018-07-05]
Suspected Bots IP [2018-07-06]
Suspected Bots IP [2018-07-07]
Suspected Bots IP [2018-07-08]
Suspected Bots IP [2018-07-09]
Suspected Bots IP [2018-07-10]
Suspected Bots IP [2018-07-11]
Suspected Bots IP [2018-07-12]
Suspected Bots IP [2018-07-13]
Suspected Bots IP [2018-07-14]
Suspected Bots IP [2018-07-15]
Suspected Bots IP [2018-07-16]
Suspected Bots IP [2018-07-17]
Suspected Bots IP [2018-07-18]
Suspected Bots IP [2018-07-19]
Suspected Bots IP [2018-07-20]
Suspected Bots IP [2018-07-21]
Suspected Bots IP [2018-07-22]
Suspected Bots IP [2018-07-23]
Suspected Bots IP [2018-07-24]
Suspected Bots IP [2018-07-25]
Suspected Bots IP [2018-07-26]
Suspected Bots IP [2018-07-27]
Suspected Bots IP [2018-07-28]
Suspected Bots IP [2018-07-29]
Suspected Bots IP [2018-07-30]
Suspected Bots IP [2018-07-31]

Suspected Bots' IP List for June 2018

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2018-06-01]
Suspected Bots IP [2018-06-02]
Suspected Bots IP [2018-06-03]
Suspected Bots IP [2018-06-04]
Suspected Bots IP [2018-06-05]
Suspected Bots IP [2018-06-06]
Suspected Bots IP [2018-06-07]
Suspected Bots IP [2018-06-08]
Suspected Bots IP [2018-06-09]
Suspected Bots IP [2018-06-10]
Suspected Bots IP [2018-06-11]
Suspected Bots IP [2018-06-12]
Suspected Bots IP [2018-06-13]
Suspected Bots IP [2018-06-14]
Suspected Bots IP [2018-06-15]
Suspected Bots IP [2018-06-16]
Suspected Bots IP [2018-06-17]
Suspected Bots IP [2018-06-18]
Suspected Bots IP [2018-06-19]
Suspected Bots IP [2018-06-20]
Suspected Bots IP [2018-06-21]
Suspected Bots IP [2018-06-22]
Suspected Bots IP [2018-06-23]
Suspected Bots IP [2018-06-24]
Suspected Bots IP [2018-06-25]
Suspected Bots IP [2018-06-26]
Suspected Bots IP [2018-06-27]
Suspected Bots IP [2018-06-28]
Suspected Bots IP [2018-06-29]
Suspected Bots IP [2018-06-30]

Botnet Statistics [2018-07-31]

detection period: 2018-07-31 00:00-23:59 UTC
total number of suspected botnet IPs: 445
number of botnet IPs notified to network operators: 410
number of spam blocked: 11888
recipient count of spam blocked: 240408

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud27
2KORNET-KR16
3Baidu9
4HO-26
5HINET-NET6
6CHINANET-JS6
7broadNnet-KR4
8LINTASARTA-NET4
9GO-DADDY-COM-LLC4
10DOPI14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China101
2United States54
3France37
4South Korea29
5Italy19
6India19
7Canada16
8Brazil14
9Indonesia13
10Netherlands10

Suspected Bot List [2018-07-31]

detection period: 2018-07-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting: