Custom Search

Thursday, August 31, 2017

Botnet Statistics [2017-08-30]

detection period: 2017-08-30 00:00-23:59 UTC
total number of suspected botnet IPs: 377
number of botnet IPs notified to network operators: 343
number of spam blocked: 35537
recipient count of spam blocked: 305074

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU68
2CMNET67
3Baidu35
4ALISOFT12
5VNPT-VNNIC-VN11
6BSNLNET8
7UNIFIEDLAYER-NETWORK-147
8CHINANET-JS7
9CHINANET-AH7
10LSN-DLLSTX-86

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China230
2India29
3Viet Nam21
4United States15
5Iran12
6Russian Federation5
7Brazil5
8Colombia4
9Canada4
10Taiwan3

Suspected Bot List [2017-08-30]

detection period: 2017-08-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TH125.26.207.22Thailand
UY179.24.115.79Uruguay

List from greylisting:

Wednesday, August 30, 2017

Botnet Statistics [2017-08-29]

detection period: 2017-08-29 00:00-23:59 UTC
total number of suspected botnet IPs: 310
number of botnet IPs notified to network operators: 284
number of spam blocked: 18297
recipient count of spam blocked: 123191

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU75
2CMNET42
3Baidu26
4ALISOFT10
5VNPT-VNNIC-VN9
6CHINANET-AH6
7HICHINA5
8CHINANET-GD5
9TencentCloud4
10LSN-DLLSTX-24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China205
2India21
3Viet Nam14
4United States14
5Thailand6
6Chile5
7Taiwan3
8Turkey3
9Tunisia3
10Russian Federation3

Suspected Bot List [2017-08-29]

detection period: 2017-08-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 26

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
TH122.154.239.109Thailand
TH125.26.207.22Thailand
UY179.26.236.58Uruguay

List from greylisting:

Tuesday, August 29, 2017

Botnet Statistics [2017-08-28]

detection period: 2017-08-28 00:00-23:59 UTC
total number of suspected botnet IPs: 232
number of botnet IPs notified to network operators: 218
number of spam blocked: 20488
recipient count of spam blocked: 29399

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET46
2WASU41
3Baidu27
4CHINANET-JS12
5HOSTWINDS-19-17
6CHINANET-GD7
7LSN-DLLSTX-26
8VNPT-VNNIC-VN5
9CHINANET-SD5
10CHINANET-AH5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China164
2United States15
3India11
4Viet Nam8
5Russian Federation3
6Iran3
7Ukraine2
8Thailand2
9Hong Kong2
10Brazil2

Suspected Bot List [2017-08-28]

detection period: 2017-08-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, August 28, 2017

Botnet Statistics [2017-08-27]

detection period: 2017-08-27 00:00-23:59 UTC
total number of suspected botnet IPs: 118
number of botnet IPs notified to network operators: 113
number of spam blocked: 9372
recipient count of spam blocked: 53993

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu25
2CHINANET-JS11
3CMNET6
4CHINANET-AH6
5CHINANET-ZJ-TZ5
6CHINANET-GD5
7WASU4
8LSN-DLLSTX-14
9CHINANET-SD4
10CHINANET-HB4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China84
2United States10
3Viet Nam2
4Taiwan2
5Turkey2
6Pakistan2
7Chile2
8Thailand1
9Russian Federation1
10Romania1

Suspected Bot List [2017-08-27]

detection period: 2017-08-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
IN122.165.237.29India
PK202.61.51.123Pakistan

List from greylisting:

Sunday, August 27, 2017

Botnet Statistics [2017-08-26]

detection period: 2017-08-26 00:00-23:59 UTC
total number of suspected botnet IPs: 91
number of botnet IPs notified to network operators: 88
number of spam blocked: 14115
recipient count of spam blocked: 29286

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu23
2CHINANET-JS11
3CHINANET-GD8
4LSN-DLLSTX-15
5CMNET5
6CHINANET-ZJ-TZ4
7CHINANET-HB4
8HICHINA3
9CHINANET-AH3
10CHINANET-SD2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China69
2United States8
3Russian Federation2
4Kazakhstan2
5South Africa1
6Viet Nam1
7Turkey1
8Thailand1
9Poland1
10Malaysia1

Suspected Bot List [2017-08-26]

detection period: 2017-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, August 26, 2017

Botnet Statistics [2017-08-25]

detection period: 2017-08-25 00:00-23:59 UTC
total number of suspected botnet IPs: 256
number of botnet IPs notified to network operators: 216
number of spam blocked: 26658
recipient count of spam blocked: 75830

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET30
2Baidu27
3WASU23
4VNPT-VNNIC-VN12
5CHINANET-GD9
6ALISOFT8
7UNIFIEDLAYER-NETWORK-147
8PSINETA4
9CHINANET-JS4
10CHINANET-HB4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China130
2Viet Nam21
3India17
4United States13
5Indonesia5
6Thailand4
7Chile4
8Taiwan3
9Turkey3
10Pakistan3

Suspected Bot List [2017-08-25]

detection period: 2017-08-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 40

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
DE185.172.56.56Germany
TH125.26.207.22Thailand
UY167.57.94.26Uruguay

List from greylisting:

Friday, August 25, 2017

Botnet Statistics [2017-08-24]

detection period: 2017-08-24 00:00-23:59 UTC
total number of suspected botnet IPs: 246
number of botnet IPs notified to network operators: 218
number of spam blocked: 32480
recipient count of spam blocked: 57369

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET57
2Baidu27
3WASU23
4VNPT-VNNIC-VN9
5CHINANET-GD8
6UNIFIEDLAYER-NETWORK-146
7PSINETA6
8RIMA4
9UNICOM-HN3
10FPT-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China137
2Viet Nam19
3India17
4United States13
5Spain6
6Colombia5
7Brazil5
8Pakistan4
9Turkey2
10Portugal2

Suspected Bot List [2017-08-24]

detection period: 2017-08-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 28

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, August 24, 2017

Botnet Statistics [2017-08-23]

detection period: 2017-08-23 00:00-23:59 UTC
total number of suspected botnet IPs: 162
number of botnet IPs notified to network operators: 137
number of spam blocked: 27360
recipient count of spam blocked: 81859

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu27
2VNPT-VNNIC-VN7
3UNIFIEDLAYER-NETWORK-146
4CMNET5
5BSNLNET5
6BHARTI-IN5
7CHINANET-GD4
8AMANAH4
9ALISOFT4
10TencentCloud3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China48
2India22
3United States16
4Viet Nam15
5Pakistan6
6Turkey5
7Canada5
8Indonesia4
9Brazil4
10Thailand3

Suspected Bot List [2017-08-23]

detection period: 2017-08-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN1.186.128.5India
JO185.98.225.114Jordan
PK202.61.51.123Pakistan
TH61.7.236.60Thailand
TH125.26.207.22Thailand
UY167.56.166.56Uruguay
UY179.25.70.99Uruguay

List from greylisting:

Wednesday, August 23, 2017

Botnet Statistics [2017-08-22]

detection period: 2017-08-22 00:00-23:59 UTC
total number of suspected botnet IPs: 216
number of botnet IPs notified to network operators: 191
number of spam blocked: 30501
recipient count of spam blocked: 88297

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU33
2Baidu27
3CMNET19
4UNIFIEDLAYER-NETWORK-147
5CHINANET-JS6
6ALISOFT6
7WASU-BB5
8CHINANET-GD5
9VNPT-VNNIC-VN4
10TencentCloud4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China124
2United States14
3Viet Nam13
4India9
5Thailand6
6Iran5
7Colombia5
8Taiwan4
9Turkey4
10Poland3

Suspected Bot List [2017-08-22]

detection period: 2017-08-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TH110.164.161.77Thailand
TH119.46.209.163Thailand
TH125.25.170.138Thailand
TH125.26.207.22Thailand
UY167.57.121.198Uruguay

List from greylisting:

Tuesday, August 22, 2017

Botnet Statistics [2017-08-21]

detection period: 2017-08-21 00:00-23:59 UTC
total number of suspected botnet IPs: 263
number of botnet IPs notified to network operators: 244
number of spam blocked: 30846
recipient count of spam blocked: 63630

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET72
2WASU63
3Baidu27
4HOSTWINDS-19-16
5ALISOFT6
6UNIFIEDLAYER-NETWORK-145
7CHINANET-GD4
8TencentCloud3
9MSFT3
10CHINANET-ZJ3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China209
2United States14
3Netherlands3
4Chile3
5Uruguay2
6Taiwan2
7Turkey2
8Thailand2
9Peru2
10Indonesia2

Suspected Bot List [2017-08-21]

detection period: 2017-08-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TH110.164.161.77Thailand
UY167.56.0.79Uruguay
UY179.25.163.225Uruguay

List from greylisting:

Monday, August 21, 2017

Botnet Statistics [2017-08-20]

detection period: 2017-08-20 00:00-23:59 UTC
total number of suspected botnet IPs: 144
number of botnet IPs notified to network operators: 133
number of spam blocked: 3190
recipient count of spam blocked: 3190

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET43
2Baidu25
3WASU21
4CHINANET-HB4
5LSN-DLLSTX-13
6CHINANET-GD3
7CHINANET-AH3
8UNICOM-HN2
9TencentCloud2
10CHINANET-SN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China112
2Brazil6
3Russian Federation4
4Bulgaria4
5United States3
6Poland3
7Spain2
8Argentina2
9South Africa1
10Japan1

Suspected Bot List [2017-08-20]

detection period: 2017-08-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, August 20, 2017

Botnet Statistics [2017-08-19]

detection period: 2017-08-19 00:00-23:59 UTC
total number of suspected botnet IPs: 155
number of botnet IPs notified to network operators: 132
number of spam blocked: 3470
recipient count of spam blocked: 3470

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu27
2CMNET10
3UNIFIEDLAYER-NETWORK-115
4CHINANET-GD5
5BG-MEGALAN-200706274
6UA-VOLIA-200804042
7OSTROG-NET2
8NETBLK-CHARTER-NET2
9CHINANET-ZJ2
10CHINANET-SN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China64
2Brazil22
3United States14
4Bulgaria12
5Poland8
6India4
7United Kingdom3
8Spain3
9Czech Republic3
10Ukraine2

Suspected Bot List [2017-08-19]

detection period: 2017-08-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, August 19, 2017

Botnet Statistics [2017-08-18]

detection period: 2017-08-18 00:00-23:59 UTC
total number of suspected botnet IPs: 226
number of botnet IPs notified to network operators: 194
number of spam blocked: 29774
recipient count of spam blocked: 59216

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu27
2BSNLNET9
3ALISOFT7
4UNICOM-HN6
5CMNET6
6VIETEL-VNNIC-VN5
7TencentCloud5
8UNIFIEDLAYER-NETWORK-144
9HOSTWINDS-17-54
10CHINANET-GD4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China73
2India32
3United States26
4Viet Nam12
5Brazil12
6Bulgaria7
7Thailand5
8France5
9Taiwan4
10Indonesia4

Suspected Bot List [2017-08-18]

detection period: 2017-08-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN112.133.218.134India
TH61.7.228.51Thailand
TH119.46.209.163Thailand
TH125.26.207.22Thailand
US74.222.26.47United States
UY167.57.162.35Uruguay
UY179.25.86.62Uruguay

List from greylisting:

Friday, August 18, 2017

Botnet Statistics [2017-08-17]

detection period: 2017-08-17 00:00-23:59 UTC
total number of suspected botnet IPs: 171
number of botnet IPs notified to network operators: 135
number of spam blocked: 27394
recipient count of spam blocked: 27418

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu27
2CHINANET-GD5
3VIETEL-VN4
4SERVERCRATE-034
5CHINANET-HN4
6CHINANET-HB4
7VNPT-VNNIC-VN3
8UNIFIEDLAYER-NETWORK-153
9CHINANET-JS3
10BUF1-96-9-240-0-203

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China54
2United States19
3India18
4Viet Nam15
5Brazil8
6Bulgaria8
7Russian Federation6
8Iran4
9Italy3
10France3

Suspected Bot List [2017-08-17]

detection period: 2017-08-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
US74.222.26.47United States

List from greylisting:

Thursday, August 17, 2017

Botnet Statistics [2017-08-16]

detection period: 2017-08-16 00:00-23:59 UTC
total number of suspected botnet IPs: 360
number of botnet IPs notified to network operators: 306
number of spam blocked: 34327
recipient count of spam blocked: 72771

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1SERVERCRATE-0349
2HINET-NET41
3HINET28
4Baidu27
5SERVERCRATE-0411
6DNSSLAVE79
7CHINANET-GD7
8BSNLNET6
9MAROSNET-194-67-208-05
10CHINANET-HB5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States79
2China73
3Taiwan70
4India20
5Viet Nam11
6Brazil10
7Russian Federation8
8Bulgaria8
9Pakistan7
10Iran7

Suspected Bot List [2017-08-16]

detection period: 2017-08-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 54

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN1.186.128.5India
JO79.173.252.192Jordan
SA212.76.76.242Saudi Arabia
TH125.26.207.22Thailand
US74.222.26.47United States
UY179.26.7.133Uruguay

List from greylisting:

Wednesday, August 16, 2017

Botnet Statistics [2017-08-15]

detection period: 2017-08-15 00:00-23:59 UTC
total number of suspected botnet IPs: 384
number of botnet IPs notified to network operators: 364
number of spam blocked: 27678
recipient count of spam blocked: 74878

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET80
2WASU47
3CHINANET-HB41
4Baidu27
5CHINANET-AH20
6SERVERCRATE-0319
7UNICOM-ZJ17
8CHINANET-HN9
9UNIFIEDLAYER-NETWORK-147
10UNICOM-JS7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China299
2United States43
3Thailand5
4Poland4
5United Kingdom4
6Taiwan3
7Hong Kong3
8Australia3
9Turkey2
10France2

Suspected Bot List [2017-08-15]

detection period: 2017-08-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 20

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TH61.7.236.60Thailand
TH61.7.241.50Thailand
TH125.25.170.66Thailand
UY186.48.51.188Uruguay

List from greylisting:

Tuesday, August 15, 2017

Botnet Statistics [2017-08-14]

detection period: 2017-08-14 00:00-23:59 UTC
total number of suspected botnet IPs: 469
number of botnet IPs notified to network operators: 426
number of spam blocked: 10393
recipient count of spam blocked: 90299

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET96
2WASU55
3CHINANET-GD34
4UNICOM-ZJ28
5SERVERCRATE-0328
6Baidu27
7CHINANET-AH16
8CHINANET-HB13
9UNICOM-JS9
10CHINANET-JX9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China337
2United States66
3Viet Nam6
4Taiwan5
5Russian Federation5
6Thailand4
7Hong Kong4
8Singapore3
9Germany3
10Uruguay2

Suspected Bot List [2017-08-14]

detection period: 2017-08-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 43

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
CA45.62.239.77Canada
ID219.83.84.146Indonesia
MO116.193.10.34Macau
NL139.162.250.124Netherlands
TH61.7.241.50Thailand
TH119.46.209.163Thailand
TH122.155.197.9Thailand
TH125.26.207.22Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US74.222.26.47United States
US206.125.41.139United States
UY167.57.156.48Uruguay
UY179.25.79.197Uruguay
VE190.202.116.101Venezuela

List from greylisting:

Monday, August 14, 2017

Botnet Statistics [2017-08-13]

detection period: 2017-08-13 00:00-23:59 UTC
total number of suspected botnet IPs: 312
number of botnet IPs notified to network operators: 278
number of spam blocked: 88683
recipient count of spam blocked: 2589427

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu27
2CHINANET-GD23
3SERVERCRATE-0322
4CMNET22
5CHINANET-HB14
6UNICOM-ZJ10
7UNICOM-JS9
8HINET-NET8
9CHINANET-HN8
10SPARKSTATION-AS-AP7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China176
2United States48
3Russian Federation14
4Singapore12
5Taiwan8
6Germany5
7South Korea4
8Hong Kong4
9United Kingdom4
10France3

Suspected Bot List [2017-08-13]

detection period: 2017-08-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CA45.62.239.77Canada
DE213.153.71.22Germany
LY197.215.136.166Libya
MO116.193.10.34Macau
MX189.211.198.181Mexico
RU89.188.229.14Russian Federation
RU91.197.234.102Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.228.51Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Sunday, August 13, 2017

Suspected Bots' IP List for July 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-07-01]
Suspected Bots IP [2017-07-02]
Suspected Bots IP [2017-07-03]
Suspected Bots IP [2017-07-04]
Suspected Bots IP [2017-07-05]
Suspected Bots IP [2017-07-06]
Suspected Bots IP [2017-07-07]
Suspected Bots IP [2017-07-08]
Suspected Bots IP [2017-07-09]
Suspected Bots IP [2017-07-11]
Suspected Bots IP [2017-07-12]
Suspected Bots IP [2017-07-13]
Suspected Bots IP [2017-07-14]
Suspected Bots IP [2017-07-15]
Suspected Bots IP [2017-07-16]
Suspected Bots IP [2017-07-17]
Suspected Bots IP [2017-07-18]
Suspected Bots IP [2017-07-19]
Suspected Bots IP [2017-07-20]
Suspected Bots IP [2017-07-21]
Suspected Bots IP [2017-07-22]
Suspected Bots IP [2017-07-23]
Suspected Bots IP [2017-07-24]
Suspected Bots IP [2017-07-25]
Suspected Bots IP [2017-07-26]
Suspected Bots IP [2017-07-27]
Suspected Bots IP [2017-07-28]
Suspected Bots IP [2017-07-29]
Suspected Bots IP [2017-07-30]
Suspected Bots IP [2017-07-31]

Botnet Statistics [2017-08-12]

detection period: 2017-08-12 00:00-23:59 UTC
total number of suspected botnet IPs: 333
number of botnet IPs notified to network operators: 293
number of spam blocked: 90462
recipient count of spam blocked: 2616922

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1SERVERCRATE-0330
2Baidu27
3CHINANET-HB18
4CMNET14
5CHINANET-HN14
6CHINANET-GD12
7SERVERCRATE-0410
8DNSSLAVE710
9CHINANET-AH9
10ALISOFT8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China158
2United States69
3Russian Federation15
4Singapore11
5Hong Kong5
6Germany5
7Brazil5
8Taiwan4
9Thailand4
10Peru3

Suspected Bot List [2017-08-12]

detection period: 2017-08-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 40

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
DE213.153.71.22Germany
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PL91.185.189.179Poland
RU91.197.234.102Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.228.51Thailand
TH125.25.170.66Thailand
TH125.26.207.22Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
UY167.57.18.24Uruguay
UY179.26.19.67Uruguay

List from greylisting:

Saturday, August 12, 2017

Botnet Statistics [2017-08-11]

detection period: 2017-08-11 00:00-23:59 UTC
total number of suspected botnet IPs: 611
number of botnet IPs notified to network operators: 554
number of spam blocked: 91916
recipient count of spam blocked: 2643043

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU62
2CMNET51
3HINET-NET45
4UNICOM-HB39
5CHINANET-HB38
6SERVERCRATE-0330
7CHINANET-GD30
8Baidu27
9HINET15
10HOST4GEEKS13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China333
2United States75
3Taiwan61
4Russian Federation19
5Hong Kong19
6Singapore11
7India8
8Brazil8
9Germany6
10Viet Nam4

Suspected Bot List [2017-08-11]

detection period: 2017-08-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 57

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
DE213.153.71.22Germany
ID219.83.84.146Indonesia
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
RU89.188.229.14Russian Federation
RU91.197.234.102Russian Federation
RU194.79.7.70Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.236.60Thailand
TH125.25.171.6Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
UY167.56.11.28Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Friday, August 11, 2017

Botnet Statistics [2017-08-10]

detection period: 2017-08-10 00:00-23:59 UTC
total number of suspected botnet IPs: 731
number of botnet IPs notified to network operators: 670
number of spam blocked: 122705
recipient count of spam blocked: 2674775

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET104
2WASU69
3SERVERCRATE-0336
4Baidu27
5CHINANET-HB22
6UNICOM-HB20
7CHINANET-JS18
8CHINANET-HN17
9SHARKTECH-316
10DE-FASTIT-2002102116

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China373
2United States153
3Germany21
4Russian Federation17
5United Kingdom17
6Republic Of Moldova16
7Taiwan13
8Singapore12
9Viet Nam10
10Poland10

Suspected Bot List [2017-08-10]

detection period: 2017-08-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 61

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DE213.153.71.22Germany
ID219.83.84.146Indonesia
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
RU89.188.229.14Russian Federation
RU91.197.234.102Russian Federation
RU194.79.7.70Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.236.60Thailand
TH110.164.161.77Thailand
TH119.46.209.163Thailand
TH122.155.197.9Thailand
TH203.156.163.35Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, August 10, 2017

Botnet Statistics [2017-08-09]

detection period: 2017-08-09 00:00-23:59 UTC
total number of suspected botnet IPs: 745
number of botnet IPs notified to network operators: 685
number of spam blocked: 102704
recipient count of spam blocked: 2406406

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET86
2WASU77
3CHINANET-HB33
4Baidu27
5SERVERCRATE-0323
6CHINANET-HN21
7CC-1620
8UNICOM-HB18
9PL-ARTNET-2012070415
10PSYCHZ-NETWORKS13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China353
2United States170
3India24
4Russian Federation23
5Viet Nam16
6Poland16
7United Kingdom15
8Singapore11
9Taiwan10
10Iran10

Suspected Bot List [2017-08-09]

detection period: 2017-08-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 60

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DE213.153.71.22Germany
IN203.115.99.218India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
RU89.188.229.14Russian Federation
RU90.188.95.206Russian Federation
RU91.197.234.102Russian Federation
RU194.79.7.70Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.228.51Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, August 9, 2017

Botnet Statistics [2017-08-08]

detection period: 2017-08-08 00:00-23:59 UTC
total number of suspected botnet IPs: 786
number of botnet IPs notified to network operators: 746
number of spam blocked: 111027
recipient count of spam blocked: 2475890

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET79
2CHINANET-HB69
3HOST4GEEKS51
4WASU45
5SERVERCRATE-0330
6UNICOM-HB27
7Baidu27
8CHINANET-HN22
9CHINANET-JS21
10CHINANET-GD15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China386
2United States146
3Hong Kong55
4Poland32
5Russian Federation17
6Czech Republic13
7Viet Nam12
8Singapore12
9India12
10Taiwan8

Suspected Bot List [2017-08-08]

detection period: 2017-08-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 40

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ID219.83.84.146Indonesia
IN203.115.99.218India
IN223.196.86.228India
LY197.215.136.166Libya
MO116.193.10.34Macau
RU89.188.229.14Russian Federation
RU90.188.95.206Russian Federation
RU91.197.234.102Russian Federation
RU91.201.117.228Russian Federation
RU194.79.7.70Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.228.51Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, August 8, 2017

Botnet Statistics [2017-08-07]

detection period: 2017-08-07 00:00-23:59 UTC
total number of suspected botnet IPs: 863
number of botnet IPs notified to network operators: 829
number of spam blocked: 113006
recipient count of spam blocked: 2541060

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-HN95
2WASU90
3CMNET90
4CHINANET-HB62
5SERVERCRATE-0356
6Baidu37
7CHINANET-JS25
8HOST4GEEKS21
9UNICOM-HB19
10SWIFTWAY19

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China519
2United States142
3Netherlands41
4Hong Kong26
5Russian Federation16
6United Kingdom14
7Czech Republic13
8Taiwan11
9Singapore10
10Ukraine7

Suspected Bot List [2017-08-07]

detection period: 2017-08-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
ID219.83.84.146Indonesia
IN203.115.99.218India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
RU90.188.95.206Russian Federation
RU91.197.234.102Russian Federation
RU194.79.7.70Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, August 7, 2017

Botnet Statistics [2017-08-06]

detection period: 2017-08-06 00:00-23:59 UTC
total number of suspected botnet IPs: 569
number of botnet IPs notified to network operators: 544
number of spam blocked: 87197
recipient count of spam blocked: 2247784

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET62
2HOST4GEEKS43
3Baidu37
4CHINANET-HN35
5WASU31
6SERVERCRATE-0331
7SHARKTECH-329
8CHINANET-HB25
9CHINANET-AH20
10UNICOM-HB16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China301
2United States101
3Hong Kong48
4Taiwan13
5Republic Of Moldova13
6Singapore10
7Poland10
8Russian Federation9
9Germany6
10Czech Republic6

Suspected Bot List [2017-08-06]

detection period: 2017-08-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DE213.153.71.22Germany
IN203.115.99.218India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
MY161.139.20.49Malaysia
RU90.188.95.206Russian Federation
RU91.197.234.102Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.228.51Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Sunday, August 6, 2017

Botnet Statistics [2017-08-05]

detection period: 2017-08-05 00:00-23:59 UTC
total number of suspected botnet IPs: 443
number of botnet IPs notified to network operators: 412
number of spam blocked: 91602
recipient count of spam blocked: 2396870

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu37
2CHINANET-HB34
3SERVERCRATE-0330
4CMNET22
5CHINANET-HN22
6CHINANET-AH16
7PSINETA15
8SNAGGED14
9UK-RAPIDSWITCH-2009110213
10PL-Lovejoy_Carreon_Love12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China202
2United States100
3Poland22
4United Kingdom16
5Canada15
6Russian Federation12
7Hong Kong11
8Singapore10
9Taiwan6
10Germany6

Suspected Bot List [2017-08-05]

detection period: 2017-08-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 31

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DE213.153.71.22Germany
IN203.115.99.218India
LY197.215.136.166Libya
MO116.193.10.34Macau
MX189.211.198.181Mexico
RU90.188.95.206Russian Federation
RU91.197.234.102Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH61.7.228.51Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
ZA196.46.23.122South Africa

List from greylisting:

Saturday, August 5, 2017

Botnet Statistics [2017-08-04]

detection period: 2017-08-04 00:00-23:59 UTC
total number of suspected botnet IPs: 766
number of botnet IPs notified to network operators: 710
number of spam blocked: 134721
recipient count of spam blocked: 3346168

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET76
2WASU61
3CHINANET-HB56
4Baidu37
5CHINANET-JS33
6SERVERCRATE-0330
7NDCHOST29
8CC-1524
9HOST4GEEKS23
10Adlaim-net16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China364
2United States148
3India31
4Hong Kong28
5Viet Nam22
6Netherlands21
7Russian Federation15
8Czech Republic13
9Singapore12
10Poland12

Suspected Bot List [2017-08-04]

detection period: 2017-08-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 56

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
DE213.153.71.22Germany
ID219.83.84.146Indonesia
IN203.115.99.218India
IN223.196.86.228India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
RU90.188.95.206Russian Federation
RU91.197.234.102Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, August 4, 2017

Botnet Statistics [2017-08-03]

detection period: 2017-08-03 00:00-23:59 UTC
total number of suspected botnet IPs: 814
number of botnet IPs notified to network operators: 754
number of spam blocked: 90046
recipient count of spam blocked: 1932722

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET94
2WASU68
3CHINANET-HB45
4Baidu41
5CHINANET-JS35
6SERVERCRATE-0330
7UNICOM-HB24
8CC-1724
9EXMASTERS823
10PVS-BLOCK0116

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China397
2United States147
3Russian Federation31
4Czech Republic24
5India23
6Netherlands18
7Viet Nam17
8Hong Kong16
9Poland14
10Singapore13

Suspected Bot List [2017-08-03]

detection period: 2017-08-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 60

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
ID219.83.84.146Indonesia
LY197.215.136.166Libya
MO116.193.10.34Macau
MX189.211.198.181Mexico
RU90.188.95.206Russian Federation
RU91.197.234.102Russian Federation
RU194.79.7.70Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US23.129.64.16United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting: