Custom Search

Tuesday, October 31, 2017

Botnet Statistics [2017-10-30]

detection period: 2017-10-30 00:00-23:59 UTC
total number of suspected botnet IPs: 367
number of botnet IPs notified to network operators: 349
number of spam blocked: 72438
recipient count of spam blocked: 1718001

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ72
2WASU36
3CHINANET-GD31
4CHINANET-JS24
5Baidu15
6CMNET13
7CHINANET-HB12
8UNIFIEDLAYER-NETWORK-147
9VNPT-VNNIC-VN5
10UNICOM-HB5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China264
2United States21
3Viet Nam7
4Brazil7
5India6
6Russian Federation5
7Turkey4
8Romania4
9Israel4
10Germany4

Suspected Bot List [2017-10-30]

detection period: 2017-10-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 18

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
FR82.64.21.28France
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Monday, October 30, 2017

Botnet Statistics [2017-10-29]

detection period: 2017-10-29 00:00-23:59 UTC
total number of suspected botnet IPs: 341
number of botnet IPs notified to network operators: 320
number of spam blocked: 56830
recipient count of spam blocked: 1330539

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JS40
2UNICOM-ZJ32
3VNPT-VNNIC-VN22
4CHINANET-GD15
5Baidu15
6WASU13
7FPT-VN9
8CMNET8
9CHINANET-ZJ8
10CHINANET-LN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China208
2Viet Nam50
3United States11
4Brazil10
5Russian Federation8
6Romania6
7Germany6
8Argentina6
9South Korea3
10India3

Suspected Bot List [2017-10-29]

detection period: 2017-10-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
FR82.64.21.28France
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Saturday, October 28, 2017

Botnet Statistics [2017-10-27]

detection period: 2017-10-27 00:00-23:59 UTC
total number of suspected botnet IPs: 441
number of botnet IPs notified to network operators: 425
number of spam blocked: 65988
recipient count of spam blocked: 1279481

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ80
2CHINANET-JS41
3Baidu40
4WASU29
5VNPT-VNNIC-VN24
6CMNET23
7CHINANET-GD21
8VIETEL-VN11
9UNIFIEDLAYER-NETWORK-1410
10FPT-VN9

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China298
2Viet Nam61
3United States22
4Germany7
5Italy6
6Thailand4
7Russian Federation4
8Brazil4
9Romania3
10South Korea3

Suspected Bot List [2017-10-27]

detection period: 2017-10-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
FR82.64.21.28France
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, October 27, 2017

Botnet Statistics [2017-10-26]

detection period: 2017-10-26 00:00-23:59 UTC
total number of suspected botnet IPs: 371
number of botnet IPs notified to network operators: 359
number of spam blocked: 67326
recipient count of spam blocked: 1308837

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ81
2Baidu59
3WASU36
4CMNET27
5CHINANET-JS21
6VNPT-VNNIC-VN16
7UNIFIEDLAYER-NETWORK-148
8CHINANET-HB7
9CHINANET-GD7
10FPT-VN5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China265
2Viet Nam26
3United States25
4Russian Federation8
5Taiwan5
6South Korea5
7Germany5
8Romania3
9Italy3
10Hong Kong3

Suspected Bot List [2017-10-26]

detection period: 2017-10-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Thursday, October 26, 2017

Botnet Statistics [2017-10-25]

detection period: 2017-10-25 00:00-23:59 UTC
total number of suspected botnet IPs: 418
number of botnet IPs notified to network operators: 397
number of spam blocked: 50905
recipient count of spam blocked: 843840

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ85
2Baidu56
3WASU41
4CMNET24
5CHINANET-JS23
6VNPT-VNNIC-VN18
7CHINANET-HB11
8CHINANET-LN10
9CHINANET-GD10
10UNIFIEDLAYER-NETWORK-146

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China289
2Viet Nam39
3United States24
4India8
5Russian Federation6
6Taiwan5
7Thailand5
8Germany4
9Romania3
10South Korea3

Suspected Bot List [2017-10-25]

detection period: 2017-10-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States

List from greylisting:

Wednesday, October 25, 2017

Botnet Statistics [2017-10-24]

detection period: 2017-10-24 00:00-23:59 UTC
total number of suspected botnet IPs: 477
number of botnet IPs notified to network operators: 441
number of spam blocked: 69080
recipient count of spam blocked: 1534065

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ66
2Baidu64
3WASU29
4CMNET28
5CHINANET-GD27
6CHINANET-JS21
7VNPT-VNNIC-VN19
8CHINANET-HB12
9CHINANET-HN9
10CHINANET-LN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China304
2Viet Nam41
3United States27
4Russian Federation11
5India11
6Brazil9
7Taiwan6
8Romania5
9Germany5
10Colombia4

Suspected Bot List [2017-10-24]

detection period: 2017-10-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR190.173.254.28Argentina
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, October 24, 2017

Botnet Statistics [2017-10-23]

detection period: 2017-10-23 00:00-23:59 UTC
total number of suspected botnet IPs: 377
number of botnet IPs notified to network operators: 366
number of spam blocked: 71753
recipient count of spam blocked: 1572987

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ75
2Baidu67
3WASU34
4CHINANET-GD34
5CHINANET-JS24
6CMNET16
7CHINANET-HB10
8UNIFIEDLAYER-NETWORK-147
9UNICOM-HB5
10CHINANET-LN5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China308
2United States19
3Russian Federation5
4Germany5
5Taiwan4
6Turkey4
7Argentina3
8Sweden2
9Romania2
10South Korea2

Suspected Bot List [2017-10-23]

detection period: 2017-10-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RS89.216.28.123Serbia
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, October 23, 2017

Botnet Statistics [2017-10-22]

detection period: 2017-10-22 00:00-23:59 UTC
total number of suspected botnet IPs: 347
number of botnet IPs notified to network operators: 332
number of spam blocked: 62348
recipient count of spam blocked: 1432527

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu67
2CHINANET-JS38
3CHINANET-GD31
4VNPT-VNNIC-VN29
5UNICOM-ZJ22
6CMNET11
7WASU9
8ETC-VNNIC-VN8
9CHINANET-HB8
10VIETEL-VN7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China216
2Viet Nam64
3United States12
4Germany7
5Russian Federation5
6Brazil5
7Taiwan3
8Romania3
9South Korea3
10Sweden2

Suspected Bot List [2017-10-22]

detection period: 2017-10-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 15

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
ZA196.46.23.122South Africa

List from greylisting:

Sunday, October 22, 2017

Botnet Statistics [2017-10-21]

detection period: 2017-10-21 00:00-23:59 UTC
total number of suspected botnet IPs: 296
number of botnet IPs notified to network operators: 280
number of spam blocked: 54106
recipient count of spam blocked: 1166226

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu67
2CHINANET-JS30
3CHINANET-GD30
4VNPT-VNNIC-VN20
5CHINANET-HB10
6VIETEL-VN8
7FPT-VN7
8LSN-DLLSTX-26
9VIETEL-VNNIC-VN5
10Turkbil-internet-hizmetleri3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China164
2Viet Nam44
3United States13
4Brazil8
5Germany7
6Russian Federation6
7Thailand5
8Turkey4
9Taiwan3
10South Korea3

Suspected Bot List [2017-10-21]

detection period: 2017-10-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
ES176.86.145.47Spain
RS89.216.28.123Serbia
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
TH61.7.236.60Thailand
ZA196.46.23.122South Africa

List from greylisting:

Saturday, October 21, 2017

Botnet Statistics [2017-10-20]

detection period: 2017-10-20 00:00-23:59 UTC
total number of suspected botnet IPs: 416
number of botnet IPs notified to network operators: 380
number of spam blocked: 46038
recipient count of spam blocked: 550435

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ74
2Baidu67
3CHINANET-JS32
4WASU27
5VNPT-VNNIC-VN26
6CHINANET-GD20
7UNIFIEDLAYER-NETWORK-1410
8CMNET10
9FPT-VN8
10CHINANET-HB8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China260
2Viet Nam55
3India19
4United States17
5Taiwan5
6Russian Federation5
7Germany4
8Thailand3
9Pakistan3
10South Korea3

Suspected Bot List [2017-10-20]

detection period: 2017-10-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
ZA196.46.23.122South Africa

List from greylisting:

Friday, October 20, 2017

Botnet Statistics [2017-10-19]

detection period: 2017-10-19 00:00-23:59 UTC
total number of suspected botnet IPs: 474
number of botnet IPs notified to network operators: 430
number of spam blocked: 48926
recipient count of spam blocked: 969921

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ75
2Baidu67
3WASU42
4CHINANET-JS25
5CMNET21
6CHINANET-GD18
7VNPT-VNNIC-VN17
8UNIFIEDLAYER-NETWORK-1410
9VIETEL-VN9
10CHINANET-HB8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China294
2Viet Nam38
3India21
4United States19
5Romania6
6Pakistan6
7Brazil6
8South Korea5
9South Africa4
10Taiwan4

Suspected Bot List [2017-10-19]

detection period: 2017-10-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 44

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
TH61.7.236.60Thailand
US23.129.64.11United States
US23.129.64.12United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, October 19, 2017

Botnet Statistics [2017-10-18]

detection period: 2017-10-18 00:00-23:59 UTC
total number of suspected botnet IPs: 419
number of botnet IPs notified to network operators: 385
number of spam blocked: 67965
recipient count of spam blocked: 1007246

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ71
2Baidu60
3WASU41
4CHINANET-JS23
5CMNET14
6VNPT-VNNIC-VN11
7CHINANET-HB11
8UNIFIEDLAYER-NETWORK-1410
9CHINANET-GD9
10FPT-VN7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China276
2Viet Nam30
3United States22
4India9
5Iran6
6Indonesia6
7Brazil6
8Russian Federation5
9Taiwan4
10Romania4

Suspected Bot List [2017-10-18]

detection period: 2017-10-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.7Czech Republic
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
TH61.7.236.60Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US24.231.215.254United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, October 18, 2017

Botnet Statistics [2017-10-17]

detection period: 2017-10-17 00:00-23:59 UTC
total number of suspected botnet IPs: 468
number of botnet IPs notified to network operators: 427
number of spam blocked: 50485
recipient count of spam blocked: 1004539

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu67
2UNICOM-ZJ65
3CHINANET-JS37
4WASU27
5VNPT-VNNIC-VN24
6CHINANET-GD23
7CMNET19
8CHINANET-HB11
9UNIFIEDLAYER-NETWORK-149
10FPT-VN8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China271
2Viet Nam52
3United States20
4India12
5South Korea10
6Russian Federation8
7Thailand6
8Romania6
9Brazil5
10Turkey4

Suspected Bot List [2017-10-17]

detection period: 2017-10-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 41

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.7Czech Republic
MN202.170.70.8Mongolia
RS89.216.28.123Serbia
RU95.68.240.209Russian Federation
RU185.127.25.68Russian Federation
TH203.156.163.35Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States

List from greylisting:

Tuesday, October 17, 2017

Botnet Statistics [2017-10-16]

detection period: 2017-10-16 00:00-23:59 UTC
total number of suspected botnet IPs: 975
number of botnet IPs notified to network operators: 813
number of spam blocked: 57311
recipient count of spam blocked: 1102116

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN88
2UNICOM-ZJ73
3Baidu67
4WASU34
5CHINANET-JS34
6CMNET26
7CHINANET-GD26
8VIETEL-VN20
9FPT-VN14
10BHARTI-IN13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China305
2Viet Nam154
3India61
4Brazil42
5Mexico35
6Iran29
7United States27
8Peru26
9Saudi Arabia19
10Turkey16

Suspected Bot List [2017-10-16]

detection period: 2017-10-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 162

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.7Czech Republic
RU185.127.25.68Russian Federation
TH61.7.236.60Thailand
TH61.91.22.88Thailand
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States

List from greylisting:

Monday, October 16, 2017

Botnet Statistics [2017-10-15]

detection period: 2017-10-15 00:00-23:59 UTC
total number of suspected botnet IPs: 986
number of botnet IPs notified to network operators: 776
number of spam blocked: 44712
recipient count of spam blocked: 919899

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN83
2Baidu66
3UNICOM-ZJ24
4CHINANET-JS18
5VIETEL-VN16
6IPxDSL-NET16
7PE-TPSA-LACNIC13
8ETC-VNNIC-VN12
9BHARTI-IN12
10PTCLBB-PK11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China171
2Viet Nam151
3India73
4Iran50
5Mexico49
6Brazil42
7Peru29
8Colombia22
9Indonesia18
10Pakistan17

Suspected Bot List [2017-10-15]

detection period: 2017-10-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 210

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BG93.123.73.123Bulgaria
CZ185.82.212.7Czech Republic
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
ZA196.46.23.122South Africa

List from greylisting:

Sunday, October 15, 2017

Suspected Bots' IP List for September 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-09-01]
Suspected Bots IP [2017-09-02]
Suspected Bots IP [2017-09-03]
Suspected Bots IP [2017-09-04]
Suspected Bots IP [2017-09-05]
Suspected Bots IP [2017-09-06]
Suspected Bots IP [2017-09-07]
Suspected Bots IP [2017-09-10]
Suspected Bots IP [2017-09-11]
Suspected Bots IP [2017-09-12]
Suspected Bots IP [2017-09-13]
Suspected Bots IP [2017-09-14]
Suspected Bots IP [2017-09-15]
Suspected Bots IP [2017-09-16]
Suspected Bots IP [2017-09-17]
Suspected Bots IP [2017-09-18]
Suspected Bots IP [2017-09-19]
Suspected Bots IP [2017-09-20]
Suspected Bots IP [2017-09-21]
Suspected Bots IP [2017-09-22]
Suspected Bots IP [2017-09-23]
Suspected Bots IP [2017-09-24]
Suspected Bots IP [2017-09-25]
Suspected Bots IP [2017-09-26]
Suspected Bots IP [2017-09-27]
Suspected Bots IP [2017-09-28]
Suspected Bots IP [2017-09-29]
Suspected Bots IP [2017-09-30]

Botnet Statistics [2017-10-14]

detection period: 2017-10-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1427
number of botnet IPs notified to network operators: 1115
number of spam blocked: 47006
recipient count of spam blocked: 902148

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN124
2Baidu64
3CHINANET-JS30
4BHARTI-IN27
5PE-TPSA-LACNIC25
6VIETEL-VN23
7FPT-VN23
8VIETEL-VNNIC-VN22
9PE-PETD2-LACNIC17
10ETC-VNNIC-VN16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Viet Nam239
2China143
3India131
4Iran86
5Mexico72
6Peru64
7Brazil48
8Turkey43
9Colombia42
10Saudi Arabia32

Suspected Bot List [2017-10-14]

detection period: 2017-10-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 312

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.7Czech Republic
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Saturday, October 14, 2017

Botnet Statistics [2017-10-13]

detection period: 2017-10-13 00:00-23:59 UTC
total number of suspected botnet IPs: 1360
number of botnet IPs notified to network operators: 1088
number of spam blocked: 47507
recipient count of spam blocked: 810180

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN111
2Baidu58
3VIETEL-VN31
4ETC-VNNIC-VN26
5PE-TPSA-LACNIC25
6VIETEL-VNNIC-VN24
7FPT-VN21
8BHARTI-IN21
9TN-ATI-2006121218
10CHINANET-JS18

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1Viet Nam236
2China154
3India110
4Mexico80
5Peru59
6Brazil57
7Colombia44
8Turkey41
9Iran41
10Argentina27

Suspected Bot List [2017-10-13]

detection period: 2017-10-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 272

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, October 13, 2017

Botnet Statistics [2017-10-12]

detection period: 2017-10-12 00:00-23:59 UTC
total number of suspected botnet IPs: 977
number of botnet IPs notified to network operators: 788
number of spam blocked: 44452
recipient count of spam blocked: 918545

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2VNPT-VNNIC-VN46
3CHINANET-JS25
4PE-TPSA-LACNIC20
5MX-IPMS2-LACNIC15
6BHARTI-IN15
7FPT-VN14
8VIETEL-VNNIC-VN13
9CO-ACSA-LACNIC13
10CMNET12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China129
2Viet Nam102
3Mexico87
4India71
5Peru57
6Colombia47
7Iran38
8United States36
9Brazil35
10Turkey24

Suspected Bot List [2017-10-12]

detection period: 2017-10-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 189

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN1.186.128.5India
MN202.170.70.8Mongolia
RU185.127.25.68Russian Federation
US23.129.64.11United States
US23.129.64.12United States
US23.129.64.13United States
US23.129.64.14United States
US23.129.64.15United States
US24.231.215.254United States
US206.125.41.139United States

List from greylisting:

Thursday, October 12, 2017

Botnet Statistics [2017-10-11]

detection period: 2017-10-11 00:00-23:59 UTC
total number of suspected botnet IPs: 225
number of botnet IPs notified to network operators: 204
number of spam blocked: 23962
recipient count of spam blocked: 262110

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-JS33
3CHINANET-SD13
4WASU7
5UNICOM-HB6
6VNPT-VNNIC-VN5
7LSN-DLLSTX-25
8CHINANET-HB5
9LSN-DLLSTX-14
10CMNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China143
2Russian Federation15
3United States14
4India9
5Viet Nam8
6Pakistan4
7Germany4
8Bulgaria3
9Romania2
10Japan2

Suspected Bot List [2017-10-11】

detection period: 2017-10-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 21

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RU185.127.25.68Russian Federation
US206.125.41.139United States

List from greylisting:

Wednesday, October 11, 2017

Botnet Statistics [2017-10-10]

detection period: 2017-10-10 00:00-23:59 UTC
total number of suspected botnet IPs: 274
number of botnet IPs notified to network operators: 251
number of spam blocked: 46943
recipient count of spam blocked: 929848

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu51
2CHINANET-JS25
3WASU24
4CHINANET-HB18
5UNICOM-HB13
6CMNET12
7LSN-DLLSTX-26
8EE-WAVECOM-200503186
9CHINANET-YN6
10ENCRYPTED-TRANSIT-IPV45

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China177
2United States17
3India15
4Russian Federation8
5Estonia6
6Brazil5
7Viet Nam3
8Romania3
9Iran3
10Taiwan2

Suspected Bot List [2017-10-10]

detection period: 2017-10-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 24

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IL62.219.3.48Israel
MO116.193.10.34Macau
RU185.127.25.68Russian Federation
US206.125.41.139United States

List from greylisting:

Monday, October 9, 2017

Botnet Statistics [2017-10-08]

detection period: 2017-10-08 00:00-23:59 UTC
total number of suspected botnet IPs: 158
number of botnet IPs notified to network operators: 157
number of spam blocked: 907
recipient count of spam blocked: 2125

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-JS32
3UK-RAPIDSWITCH-200704189
4PSYCHZ-NETWORKS7
5CHINANET-HB7
6SHARKTECH-36
7CHINANET-YN5
8CMNET4
9CHINANET-GD3
10CHINANET-CQ3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China120
2United States19
3United Kingdom9
4Russian Federation2
5Brazil2
6Ukraine1
7Laos1
8Japan1
9France1
10Egypt1

Suspected Bot List [2017-10-08]

detection period: 2017-10-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, October 8, 2017

Botnet Statistics [2017-10-07]

detection period: 2017-10-07 00:00-23:59 UTC
total number of suspected botnet IPs: 155
number of botnet IPs notified to network operators: 144
number of spam blocked: 6137
recipient count of spam blocked: 48119

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-JS11
3CHINANET-ZJ6
4CHINANET-AH6
5LSN-DLLSTX-34
6CMNET4
7UNICOM3
8HICHINA3
9CHINANET-HB3
10CHINANET-GD3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China106
2United States17
3Viet Nam3
4Taiwan3
5Russian Federation3
6Brazil3
7Uruguay2
8Indonesia2
9France2
10Venezuela1

Suspected Bot List [2017-10-07]

detection period: 2017-10-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
SA212.76.76.242Saudi Arabia
US24.231.215.254United States
UY167.56.17.100Uruguay
UY167.57.68.153Uruguay

List from greylisting:

Saturday, October 7, 2017

Botnet Statistics [2017-10-06]

detection period: 2017-10-06 00:00-23:59 UTC
total number of suspected botnet IPs: 200
number of botnet IPs notified to network operators: 177
number of spam blocked: 53459
recipient count of spam blocked: 966747

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-JS10
3LSN-DLLSTX-86
4LSN-DLLSTX-36
5ALISOFT5
6HINET-NET4
7HICHINA4
8VNPT-VNNIC-VN3
9CMNET3
10CHINANET-AH3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China90
2United States21
3India11
4Viet Nam8
5Russian Federation7
6Taiwan6
7Turkey4
8Brazil4
9Pakistan3
10Italy3

Suspected Bot List [2017-10-06]

detection period: 2017-10-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.7Czech Republic
RU185.127.25.68Russian Federation
TH61.7.236.60Thailand
TH183.89.121.82Thailand
US206.125.41.139United States
UY167.56.156.116Uruguay
UY167.57.126.80Uruguay

List from greylisting:

Friday, October 6, 2017

Botnet Statistics [2017-10-05]

detection period: 2017-10-05 00:00-23:59 UTC
total number of suspected botnet IPs: 204
number of botnet IPs notified to network operators: 187
number of spam blocked: 41699
recipient count of spam blocked: 709241

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu49
2CHINANET-JS14
3LSN-DLLSTX-67
4CHINANET-YN6
5VNPT-VNNIC-VN5
6PSINETA5
7CMNET4
8CHINANET-JX4
9CHINANET-HB4
10CHINANET-GD4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China94
2United States24
3India12
4Viet Nam9
5Russian Federation6
6Mexico4
7Iran4
8Germany4
9Israel3
10Indonesia3

Suspected Bot List [2017-10-05]

detection period: 2017-10-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 17

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.7Czech Republic
NL185.56.80.15Netherlands
RU185.127.25.68Russian Federation
US206.125.41.139United States

List from greylisting:

Thursday, October 5, 2017

Botnet Statistics [2017-10-04]

detection period: 2017-10-04 00:00-23:59 UTC
total number of suspected botnet IPs: 222
number of botnet IPs notified to network operators: 203
number of spam blocked: 52861
recipient count of spam blocked: 1013156

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-JS20
3PSINETA6
4LSN-DLLSTX-66
5CHINANET-HB6
6ALISOFT6
7HINET-NET5
8CHINANET-ZJ5
9CHINANET-YN5
10FPT-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China111
2United States18
3India11
4Iran10
5Taiwan8
6Viet Nam6
7Russian Federation6
8Indonesia4
9Turkey3
10Brazil3

Suspected Bot List [2017-10-04]

detection period: 2017-10-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.7Czech Republic
RU185.127.25.68Russian Federation
TH183.89.126.186Thailand
US206.125.41.139United States

List from greylisting:

Tuesday, October 3, 2017

Botnet Statistics [2017-10-02]

detection period: 2017-10-02 00:00-23:59 UTC
total number of suspected botnet IPs: 178
number of botnet IPs notified to network operators: 162
number of spam blocked: 33209
recipient count of spam blocked: 432410

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu51
2Turkbil-internet-hizmetleri7
3LGTELECOM-KR7
4CC-174
5LSN-DLLSTX-33
6KORNET-KR3
7CHINANET-ZJ3
8CHINANET-JX3
9CHINANET-GD3
10BSNLNET3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China72
2United States15
3South Korea12
4India11
5Russian Federation9
6Turkey8
7Viet Nam6
8Germany4
9Pakistan3
10Iran3

Suspected Bot List [2017-10-02]

detection period: 2017-10-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 16

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN1.186.128.5India
IR212.33.199.144Iran
LK122.255.31.42Sri Lanka
NL185.56.80.15Netherlands
RU185.127.25.68Russian Federation
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, October 2, 2017

Botnet Statistics [2017-10-01]

detection period: 2017-10-01 00:00-23:59 UTC
total number of suspected botnet IPs: 122
number of botnet IPs notified to network operators: 115
number of spam blocked: 25170
recipient count of spam blocked: 660515

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-GD5
3CMNET3
4CHINANET-JS3
5ALISOFT3
6broadNnet-KR2
7NAZWAPL2
8LSN-DLLSTX-22
9KORNET-KR2
10IT-TECHNORAIL-200112122

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China76
2Russian Federation7
3United States6
4South Korea4
5Turkey2
6Poland2
7Italy2
8France2
9Germany2
10Canada2

Suspected Bot List [2017-10-01]

detection period: 2017-10-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RU185.127.25.68Russian Federation
US206.125.41.139United States

List from greylisting:

Sunday, October 1, 2017

Botnet Statistics for September 2017

detection period: 2017-09-01 00:00 - 2017-09-30 23:59 UTC
total number of suspected botnet IPs: 4286
number of blocked spams: 614627
recipient count of blocked spams: 4749324

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China2362
2United States552
3India221
4Viet Nam216
5Brazil72
6Turkey56
7Mexico54
8Iran50
9Indonesia45
10South Korea41
11Italy37
12Colombia36
13Romania32
14Russian Federation31
15Taiwan26
16Pakistan22
17Chile22
18Bulgaria21
19Argentina20
20Thailand18
21Spain17
22Japan14
23Australia14
24Canada13
25Bolivia13

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1United States270485
2China140539
3United Kingdom36928
4Netherlands36139
5Brazil14301
6Ukraine13128
7Russian Federation13123
8Tunisia12617
9Canada11729
10Romania8219
11Germany6869
12Hong Kong5770
13Singapore5265
14Poland4739
15Turkey4511
16India3638
17Bulgaria3482
18Republic Of Moldova3053
19Hungary2782
20South Korea2539
21Albania2292
22Estonia1990
23Taiwan1767
24Saint Kitts And Nevis1606
25Thailand952

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-09-30]

detection period: 2017-09-30 00:00-23:59 UTC
total number of suspected botnet IPs: 162
number of botnet IPs notified to network operators: 151
number of spam blocked: 28310
recipient count of spam blocked: 695056

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CMNET10
3CHINANET-JS10
4ALISOFT6
5CHINANET-GD5
6CHINANET-ZJ-NB4
7CHINANET-HB4
8CHINANET-FJ4
9UNIFIEDLAYER-NETWORK-143
10CHINANET-ZJ3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China104
2United States9
3Russian Federation5
4India5
5South Korea4
6Viet Nam3
7Pakistan3
8Mexico3
9Tunisia2
10Italy2

Suspected Bot List [2017-09-30]

detection period: 2017-09-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
RU185.127.25.68Russian Federation
US206.125.41.139United States

List from greylisting: