Wednesday, January 31, 2018

Botnet Statistics [2018-01-30]

detection period: 2018-01-30 00:00-23:59 UTC
total number of suspected botnet IPs: 15
number of botnet IPs notified to network operators: 13
number of spam blocked: 33321
recipient count of spam blocked: 1077700

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

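| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-ZJ | 2 |
| 2 | UNICOM-CN | 1 |
| 3 | SAA | 1 |
| 4 | RHINO-3 | 1 |
| 5 | NG-CYBERSPACE-990114 | 1 |
| 6 | MRNET | 1 |
| 7 | KORNET-KR | 1 |
| 8 | IP2000-ADSL-BAS | 1 |
| 9 | ESTROWEB-01 | 1 |
| 10 | CZ-WHOISPROTECTION-20141231 | 1 |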

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

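| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 4 |
| 2 | United States | 2 |
| 3 | South Africa | 1 |
| 4 | Singapore | 1 |
| 5 | Netherlands | 1 |
| 6 | Nigeria | 1 |
| 7 | South Korea | 1 |
| 8 | India | 1 |
| 9 | France | 1 |
| 10 | Czech Republic | 1 |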

Suspected Bot List [2018-01-30]

detection period: 2018-01-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Tuesday, January 30, 2018

Botnet Statistics [2018-01-29]

detection period: 2018-01-29 00:00-23:59 UTC
total number of suspected botnet IPs: 14
number of botnet IPs notified to network operators: 12
number of spam blocked: 114754
recipient count of spam blocked: 722304

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

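| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-ZJ | 2 |
| 2 | VIS-BLOCK | 1 |
| 3 | UNICOM-CN | 1 |
| 4 | SAA | 1 |
| 5 | NETBLOCK-SHENTEL-HELICONCABLE | 1 |
| 6 | KORNET-KR | 1 |
| 7 | IP2000-ADSL-BAS | 1 |
| 8 | EURONET-ISP | 1 |
| 9 | CZ-WHOISPROTECTION-20141231 | 1 |
| 10 | CHINANET-TJ | 1 |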

The top 9 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

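| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 4 |
| 2 | United States | 3 |
| 3 | South Africa | 1 |
| 4 | Poland | 1 |
| 5 | South Korea | 1 |
| 6 | India | 1 |
| 7 | France | 1 |
| 8 | Czech Republic | 1 |
| 9 | Brazil | 1 |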

Suspected Bot List [2018-01-29]

detection period: 2018-01-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Monday, January 29, 2018

Botnet Statistics [2018-01-28]

detection period: 2018-01-28 00:00-23:59 UTC
total number of suspected botnet IPs: 15
number of botnet IPs notified to network operators: 13
number of spam blocked: 62382
recipient count of spam blocked: 653199

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

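| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-ZJ | 2 |
| 2 | UNICOM-CN | 1 |
| 3 | SAA | 1 |
| 4 | RRNY | 1 |
| 5 | MRNET | 1 |
| 6 | KORNET-KR | 1 |
| 7 | IP2000-ADSL-BAS | 1 |
| 8 | INTERSERVER | 1 |
| 9 | IE-NTL-20060222 | 1 |
| 10 | CZ-WHOISPROTECTION-20141231 | 1 |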

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

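| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 4 |
| 2 | United States | 3 |
| 3 | South Africa | 1 |
| 4 | Singapore | 1 |
| 5 | South Korea | 1 |
| 6 | India | 1 |
| 7 | Ireland | 1 |
| 8 | France | 1 |
| 9 | Czech Republic | 1 |
| 10 | Brazil | 1 |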

Suspected Bot List [2018-01-28]

detection period: 2018-01-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Sunday, January 28, 2018

Suspected Bots' IP List for December 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-12-01]
Suspected Bots IP [2017-12-02]
Suspected Bots IP [2017-12-03]
Suspected Bots IP [2017-12-04]
Suspected Bots IP [2017-12-05]
Suspected Bots IP [2017-12-06]
Suspected Bots IP [2017-12-07]
Suspected Bots IP [2017-12-08]
Suspected Bots IP [2017-12-09]
Suspected Bots IP [2017-12-10]
Suspected Bots IP [2017-12-11]
Suspected Bots IP [2017-12-12]
Suspected Bots IP [2017-12-13]
Suspected Bots IP [2017-12-14]
Suspected Bots IP [2017-12-15]
Suspected Bots IP [2017-12-16]
Suspected Bots IP [2017-12-17]
Suspected Bots IP [2017-12-18]
Suspected Bots IP [2017-12-19]
Suspected Bots IP [2017-12-20]
Suspected Bots IP [2017-12-21]
Suspected Bots IP [2017-12-22]
Suspected Bots IP [2017-12-23]
Suspected Bots IP [2017-12-24]
Suspected Bots IP [2017-12-25]
Suspected Bots IP [2017-12-26]
Suspected Bots IP [2017-12-27]
Suspected Bots IP [2017-12-28]
Suspected Bots IP [2017-12-29]
Suspected Bots IP [2017-12-30]
Suspected Bots IP [2017-12-31]

Botnet Statistics [2018-01-27]

detection period: 2018-01-27 00:00-23:59 UTC
total number of suspected botnet IPs: 12
number of botnet IPs notified to network operators: 10
number of spam blocked: 22952
recipient count of spam blocked: 611275

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

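| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-ZJ | 2 |
| 2 | UNICOM-CN | 1 |
| 3 | SAA | 1 |
| 4 | RRNY | 1 |
| 5 | NEXTGENTEL-NO-T2 | 1 |
| 6 | KORNET-KR | 1 |
| 7 | IE-NTL-20060222 | 1 |
| 8 | CZ-WHOISPROTECTION-20141231 | 1 |
| 9 | CHINANET-TJ | 1 |
| 10 | AIRLINERES-CALPOP-COM | 1 |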

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

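| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 4 |
| 2 | United States | 2 |
| 3 | South Africa | 1 |
| 4 | Norway | 1 |
| 5 | South Korea | 1 |
| 6 | Ireland | 1 |
| 7 | Czech Republic | 1 |
| 8 | Brazil | 1 |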

Suspected Bot List [2018-01-27]

detection period: 2018-01-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Saturday, January 27, 2018

Botnet Statistics [2018-01-26]

detection period: 2018-01-26 00:00-23:59 UTC
total number of suspected botnet IPs: 10
number of botnet IPs notified to network operators: 9
number of spam blocked: 16161
recipient count of spam blocked: 484424

The top 9 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

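| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-ZJ | 2 |
| 2 | UNICOM-CN | 1 |
| 3 | NL-WORLDSTREAM-20090204 | 1 |
| 4 | KORNET-KR | 1 |
| 5 | INTERSERVER | 1 |
| 6 | CZ-WHOISPROTECTION-20141231 | 1 |
| 7 | CHINANET-TJ | 1 |
| 8 | AIRLINERES-CALPOP-COM | 1 |
| 9 | 002.558.157/0001-62 | 1 |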

The top 6 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

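| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 4 |
| 2 | United States | 2 |
| 3 | Netherlands | 1 |
| 4 | South Korea | 1 |
| 5 | Czech Republic | 1 |
| 6 | Brazil | 1 |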

Suspected Bot List [2018-01-26]

detection period: 2018-01-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |

List from greylisting:

Friday, January 26, 2018

Botnet Statistics [2018-01-25]

detection period: 2018-01-25 00:00-23:59 UTC
total number of suspected botnet IPs: 6
number of botnet IPs notified to network operators: 5
number of spam blocked: 63
recipient count of spam blocked: 1890

The top 5 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-ZJ | 2 |
| 2 | UNICOM-CN | 1 |
| 3 | CZ-WHOISPROTECTION-20141231 | 1 |
| 4 | CHINANET-TJ | 1 |
| 5 | 002.558.157/0001-62 | 1 |

The top 3 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 4 |
| 2 | Czech Republic | 1 |
| 3 | Brazil | 1 |

Suspected Bot List [2018-01-25]

detection period: 2018-01-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |

List from greylisting:

Wednesday, January 24, 2018

Botnet Statistics [2018-01-23]

detection period: 2018-01-23 00:00-23:59 UTC
total number of suspected botnet IPs: 24
number of botnet IPs notified to network operators: 23
number of spam blocked: 18303
recipient count of spam blocked: 548307

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

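| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | HO-2 | 2 |
| 3 | CHINANET-ZJ | 2 |
| 4 | hostio | 1 |
| 5 | UNICOM-CN | 1 |
| 6 | SC-FLOKINET-LTD-20160826 | 1 |
| 7 | NO-UPC-20050707 | 1 |
| 8 | LIVESHELLS-SRL | 1 |
| 9 | KSS-Telecom-net | 1 |
| 10 | KORNET-KR | 1 |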

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

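| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Netherlands | 2 |
| 4 | Canada | 2 |
| 5 | Belize | 2 |
| 6 | Romania | 1 |
| 7 | Norway | 1 |
| 8 | South Korea | 1 |
| 9 | Kyrgyzstan | 1 |
| 10 | Iceland | 1 |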

Suspected Bot List [2018-01-23]

detection period: 2018-01-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |

List from greylisting:

Tuesday, January 23, 2018

Botnet Statistics [2018-01-22]

detection period: 2018-01-22 00:00-23:59 UTC
total number of suspected botnet IPs: 26
number of botnet IPs notified to network operators: 24
number of spam blocked: 18521
recipient count of spam blocked: 554818

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

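| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | HO-2 | 2 |
| 3 | CHINANET-ZJ | 2 |
| 4 | hostio | 1 |
| 5 | UNICOM-CN | 1 |
| 6 | SMARTWEB-NET | 1 |
| 7 | SC-FLOKINET-LTD-20160826 | 1 |
| 8 | SAA | 1 |
| 9 | NO-UPC-20050707 | 1 |
| 10 | LIVESHELLS-SRL | 1 |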

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

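| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Canada | 3 |
| 4 | Netherlands | 2 |
| 5 | Belize | 2 |
| 6 | South Africa | 1 |
| 7 | Romania | 1 |
| 8 | Norway | 1 |
| 9 | Iceland | 1 |
| 10 | India | 1 |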

Suspected Bot List [2018-01-22]

detection period: 2018-01-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Monday, January 22, 2018

Botnet Statistics [2018-01-21]

detection period: 2018-01-21 00:00-23:59 UTC
total number of suspected botnet IPs: 26
number of botnet IPs notified to network operators: 24
number of spam blocked: 17996
recipient count of spam blocked: 539155

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

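| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | HO-2 | 2 |
| 3 | CHINANET-ZJ | 2 |
| 4 | hostio | 1 |
| 5 | UNICOM-CN | 1 |
| 6 | SC-FLOKINET-LTD-20160826 | 1 |
| 7 | SAA | 1 |
| 8 | NO-UPC-20050707 | 1 |
| 9 | LIVESHELLS-SRL | 1 |
| 10 | KORNET-KR | 1 |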

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

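| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Canada | 3 |
| 4 | Netherlands | 2 |
| 5 | Belize | 2 |
| 6 | South Africa | 1 |
| 7 | Ukraine | 1 |
| 8 | Romania | 1 |
| 9 | Norway | 1 |
| 10 | South Korea | 1 |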

Suspected Bot List [2018-01-21]

detection period: 2018-01-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Sunday, January 21, 2018

Botnet Statistics [2018-01-20]

detection period: 2018-01-20 00:00-23:59 UTC
total number of suspected botnet IPs: 30
number of botnet IPs notified to network operators: 28
number of spam blocked: 31925
recipient count of spam blocked: 786869

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

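| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | SC-FLOKINET-LTD-20160826 | 2 |
| 3 | HO-2 | 2 |
| 4 | CHINANET-ZJ | 2 |
| 5 | hostio | 1 |
| 6 | UNICOM-CN | 1 |
| 7 | STADTWERKE-SCHWEDT-NET | 1 |
| 8 | SMARTWEB-NET | 1 |
| 9 | SAA | 1 |
| 10 | RU-TIMEWEB2-20171212-53 | 1 |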

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

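| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Canada | 3 |
| 4 | Ukraine | 2 |
| 5 | Netherlands | 2 |
| 6 | Iceland | 2 |
| 7 | Germany | 2 |
| 8 | Belize | 2 |
| 9 | South Africa | 1 |
| 10 | Russian Federation | 1 |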

Suspected Bot List [2018-01-20]

detection period: 2018-01-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Saturday, January 20, 2018

Botnet Statistics [2018-01-19]

detection period: 2018-01-19 00:00-23:59 UTC
total number of suspected botnet IPs: 28
number of botnet IPs notified to network operators: 26
number of spam blocked: 29211
recipient count of spam blocked: 703809

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

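| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | SC-FLOKINET-LTD-20160826 | 2 |
| 3 | HO-2 | 2 |
| 4 | CHINANET-ZJ | 2 |
| 5 | hostio | 1 |
| 6 | UNICOM-CN | 1 |
| 7 | SMARTWEB-NET | 1 |
| 8 | SAA | 1 |
| 9 | RU-TIMEWEB2-20171212-53 | 1 |
| 10 | OPRIA | 1 |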

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

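| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Netherlands | 3 |
| 4 | Iceland | 2 |
| 5 | Germany | 2 |
| 6 | Canada | 2 |
| 7 | South Africa | 1 |
| 8 | Ukraine | 1 |
| 9 | Russian Federation | 1 |
| 10 | Romania | 1 |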

Suspected Bot List [2018-01-19]

detection period: 2018-01-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|
| CZ | 185.82.212.95 | Czech Republic |
| ZA | 196.46.23.122 | South Africa |

List from greylisting:

Friday, January 19, 2018

Botnet Statistics [2018-01-18]

detection period: 2018-01-18 00:00-23:59 UTC
total number of suspected botnet IPs: 25
number of botnet IPs notified to network operators: 25
number of spam blocked: 30947
recipient count of spam blocked: 733994

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

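| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | SC-FLOKINET-LTD-20160826 | 2 |
| 3 | HO-2 | 2 |
| 4 | CHINANET-ZJ | 2 |
| 5 | hostio | 1 |
| 6 | UNICOM-CN | 1 |
| 7 | SMARTWEB-NET | 1 |
| 8 | OPRIA | 1 |
| 9 | NO-UPC-20050707 | 1 |
| 10 | MX-HSCV17-LACNIC | 1 |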

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

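| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Netherlands | 2 |
| 4 | Iceland | 2 |
| 5 | Germany | 2 |
| 6 | Canada | 2 |
| 7 | Ukraine | 1 |
| 8 | Romania | 1 |
| 9 | Norway | 1 |
| 10 | Mexico | 1 |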

Suspected Bot List [2018-01-18]

detection period: 2018-01-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 0

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Thursday, January 18, 2018

Botnet Statistics [2018-01-17]

detection period: 2018-01-17 00:00-23:59 UTC
total number of suspected botnet IPs: 28
number of botnet IPs notified to network operators: 23
number of spam blocked: 34772
recipient count of spam blocked: 783378

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

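| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | SC-FLOKINET-LTD-20160826 | 2 |
| 3 | HO-2 | 2 |
| 4 | CHINANET-ZJ | 2 |
| 5 | hostio | 1 |
| 6 | UNICOM-CN | 1 |
| 7 | SMARTWEB-NET | 1 |
| 8 | RO-ARTELECOM-20070815 | 1 |
| 9 | OPRIA | 1 |
| 10 | NO-UPC-20050707 | 1 |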

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

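| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Romania | 2 |
| 4 | Netherlands | 2 |
| 5 | Iceland | 2 |
| 6 | Germany | 2 |
| 7 | Canada | 2 |
| 8 | Ukraine | 1 |
| 9 | Norway | 1 |
| 10 | Mexico | 1 |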

Suspected Bot List [2018-01-17]

detection period: 2018-01-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Wednesday, January 17, 2018

Botnet Statistics [2018-01-16]

detection period: 2018-01-16 00:00-23:59 UTC
total number of suspected botnet IPs: 32
number of botnet IPs notified to network operators: 26
number of spam blocked: 28950
recipient count of spam blocked: 826305

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

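| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | CR-RACO-LACNIC | 3 |
| 3 | SC-FLOKINET-LTD-20160826 | 2 |
| 4 | HO-2 | 2 |
| 5 | CHINANET-ZJ | 2 |
| 6 | hostio | 1 |
| 7 | UNICOM-CN | 1 |
| 8 | SMARTWEB-NET | 1 |
| 9 | SAA | 1 |
| 10 | RO-ARTELECOM-20070815 | 1 |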

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

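| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Romania | 3 |
| 4 | Costa Rica | 3 |
| 5 | Netherlands | 2 |
| 6 | Iceland | 2 |
| 7 | Germany | 2 |
| 8 | Canada | 2 |
| 9 | South Africa | 1 |
| 10 | Ukraine | 1 |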

Suspected Bot List [2018-01-16]

detection period: 2018-01-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Tuesday, January 16, 2018

Botnet Statistics [2018-01-15]

detection period: 2018-01-15 00:00-23:59 UTC
total number of suspected botnet IPs: 33
number of botnet IPs notified to network operators: 28
number of spam blocked: 35584
recipient count of spam blocked: 1066650

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

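| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | CR-RACO-LACNIC | 3 |
| 3 | SC-FLOKINET-LTD-20160826 | 2 |
| 4 | HO-2 | 2 |
| 5 | CHINANET-ZJ | 2 |
| 6 | hostio | 1 |
| 7 | UNICOM-CN | 1 |
| 8 | STUFF-FIBRE-NZ | 1 |
| 9 | SMARTWEB-NET | 1 |
| 10 | SMARTONE-MO | 1 |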

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

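| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Romania | 3 |
| 4 | Costa Rica | 3 |
| 5 | Netherlands | 2 |
| 6 | Iceland | 2 |
| 7 | Germany | 2 |
| 8 | Canada | 2 |
| 9 | New Zealand | 1 |
| 10 | Norway | 1 |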

Suspected Bot List [2018-01-15]

detection period: 2018-01-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Monday, January 15, 2018

Botnet Statistics [2018-01-14]

detection period: 2018-01-14 00:00-23:59 UTC
total number of suspected botnet IPs: 34
number of botnet IPs notified to network operators: 26
number of spam blocked: 37943
recipient count of spam blocked: 1137420

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

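| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | CR-RACO-LACNIC | 3 |
| 3 | SC-FLOKINET-LTD-20160826 | 2 |
| 4 | KORNET-KR | 2 |
| 5 | HO-2 | 2 |
| 6 | CHINANET-ZJ | 2 |
| 7 | hostio | 1 |
| 8 | UNICOM-CN | 1 |
| 9 | SMARTWEB-NET | 1 |
| 10 | SMARTONE-MO | 1 |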

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

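| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | Netherlands | 4 |
| 3 | China | 4 |
| 4 | Romania | 3 |
| 5 | Costa Rica | 3 |
| 6 | South Korea | 2 |
| 7 | Iceland | 2 |
| 8 | Germany | 2 |
| 9 | Canada | 2 |
| 10 | South Africa | 1 |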

Suspected Bot List [2018-01-14]

detection period: 2018-01-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Sunday, January 14, 2018

Botnet Statistics for December 2017

detection period: 2017-12-01 00:00 - 2017-12-31 23:59 UTC
total number of suspected botnet IPs: 2897
number of blocked spams: 1389839
recipient count of blocked spams: 32784780

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

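| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1457 |
| 2 | Viet Nam | 333 |
| 3 | United States | 232 |
| 4 | Brazil | 193 |
| 5 | India | 91 |
| 6 | Russian Federation | 54 |
| 7 | Czech Republic | 49 |
| 8 | Iran | 36 |
| 9 | Taiwan | 26 |
| 10 | Thailand | 23 |
| 11 | Argentina | 22 |
| 12 | Indonesia | 20 |
| 13 | Spain | 20 |
| 14 | Slovakia | 19 |
| 15 | Italy | 19 |
| 16 | Germany | 17 |
| 17 | Ukraine | 14 |
| 18 | Poland | 14 |
| 19 | Pakistan | 13 |
| 20 | Turkey | 12 |
| 21 | Romania | 12 |
| 22 | Hungary | 12 |
| 23 | South Korea | 10 |
| 24 | Mexico | 9 |
| 25 | Colombia | 9 |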

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

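| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 563713 |
| 2 | United States | 233893 |
| 3 | Brazil | 127587 |
| 4 | Czech Republic | 118579 |
| 5 | Hong Kong | 69320 |
| 6 | Canada | 44891 |
| 7 | Netherlands | 38061 |
| 8 | Germany | 35560 |
| 9 | Israel | 25521 |
| 10 | Ukraine | 21333 |
| 11 | Costa Rica | 14912 |
| 12 | South Korea | 11918 |
| 13 | Iceland | 11431 |
| 14 | Poland | 11366 |
| 15 | Russian Federation | 11284 |
| 16 | Belize | 10891 |
| 17 | Norway | 8225 |
| 18 | Kyrgyzstan | 6595 |
| 19 | Romania | 5832 |
| 20 | UNKNOWN | 5279 |
| 21 | United Kingdom | 4991 |
| 22 | South Africa | 3227 |
| 23 | Seychelles | 1151 |
| 24 | Mexico | 1077 |
| 25 | Chile | 1032 |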

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2018-01-13]

detection period: 2018-01-13 00:00-23:59 UTC
total number of suspected botnet IPs: 31
number of botnet IPs notified to network operators: 24
number of spam blocked: 27591
recipient count of spam blocked: 826715

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

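| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | SC-FLOKINET-LTD-20160826 | 2 |
| 3 | KORNET-KR | 2 |
| 4 | HO-2 | 2 |
| 5 | CR-RACO-LACNIC | 2 |
| 6 | CHINANET-ZJ | 2 |
| 7 | hostio | 1 |
| 8 | UNICOM-CN | 1 |
| 9 | SMARTWEB-NET | 1 |
| 10 | SMARTONE-MO | 1 |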

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

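| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5 |
| 2 | China | 4 |
| 3 | Romania | 3 |
| 4 | Netherlands | 3 |
| 5 | South Korea | 2 |
| 6 | Iceland | 2 |
| 7 | Germany | 2 |
| 8 | Costa Rica | 2 |
| 9 | Canada | 2 |
| 10 | South Africa | 1 |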

Suspected Bot List [2018-01-13]

detection period: 2018-01-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Saturday, January 13, 2018

Botnet Statistics [2018-01-12]

detection period: 2018-01-12 00:00-23:59 UTC
total number of suspected botnet IPs: 45
number of botnet IPs notified to network operators: 39
number of spam blocked: 26668
recipient count of spam blocked: 720870

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

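| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 2 | DE-ISP4P-20060126 | 3 |
| 3 | UNIFIEDLAYER-NETWORK-13 | 2 |
| 4 | SC-FLOKINET-LTD-20160826 | 2 |
| 5 | HO-2 | 2 |
| 6 | DE-ISP4P-20041207 | 2 |
| 7 | CR-RACO-LACNIC | 2 |
| 8 | CHINANET-ZJ | 2 |
| 9 | hostio | 1 |
| 10 | WOOSHWIRELESSNZ | 1 |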

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

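| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 10 |
| 2 | Germany | 8 |
| 3 | China | 5 |
| 4 | Romania | 3 |
| 5 | Netherlands | 3 |
| 6 | Iceland | 2 |
| 7 | Costa Rica | 2 |
| 8 | Canada | 2 |
| 9 | South Africa | 1 |
| 10 | Viet Nam | 1 |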

Suspected Bot List [2018-01-12]

detection period: 2018-01-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Friday, January 12, 2018

Botnet Statistics [2018-01-11]

detection period: 2018-01-11 00:00-23:59 UTC
total number of suspected botnet IPs: 183
number of botnet IPs notified to network operators: 177
number of spam blocked: 33177
recipient count of spam blocked: 826443

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

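| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-HB | 55 |
| 2 | UNICOM-HB | 29 |
| 3 | CHINANET-JS | 15 |
| 4 | UNICOM-JS | 9 |
| 5 | CC-17 | 6 |
| 6 | CMNET | 5 |
| 7 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 8 | DE-ISP4P-20060126 | 4 |
| 9 | CHINANET-GD | 4 |
| 10 | DE-ISP4P-20041207 | 3 |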

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

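| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 130 |
| 2 | United States | 19 |
| 3 | Germany | 9 |
| 4 | Netherlands | 4 |
| 5 | Romania | 2 |
| 6 | South Korea | 2 |
| 7 | Iceland | 2 |
| 8 | Costa Rica | 2 |
| 9 | Canada | 2 |
| 10 | New Zealand | 1 |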

Suspected Bot List [2018-01-11]

detection period: 2018-01-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Thursday, January 11, 2018

Botnet Statistics [2018-01-10]

detection period: 2018-01-10 00:00-23:59 UTC
total number of suspected botnet IPs: 189
number of botnet IPs notified to network operators: 181
number of spam blocked: 32232
recipient count of spam blocked: 840549

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

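| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-HB | 39 |
| 2 | UNICOM-HB | 29 |
| 3 | CHINANET-JS | 19 |
| 4 | UNICOM-JS | 12 |
| 5 | DE-ISP4P-20060126 | 10 |
| 6 | LSN-DLLSTX-7 | 6 |
| 7 | CC-17 | 6 |
| 8 | CMNET | 5 |
| 9 | UNIFIEDLAYER-NETWORK-14 | 4 |
| 10 | ENCRYPTED-TRANSIT-IPV4 | 4 |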

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

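| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 125 |
| 2 | United States | 25 |
| 3 | Germany | 12 |
| 4 | Netherlands | 3 |
| 5 | Hong Kong | 3 |
| 6 | Romania | 2 |
| 7 | Mexico | 2 |
| 8 | Iceland | 2 |
| 9 | Costa Rica | 2 |
| 10 | Canada | 2 |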

Suspected Bot List [2018-01-10]

detection period: 2018-01-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Wednesday, January 10, 2018

Botnet Statistics [2018-01-09]

detection period: 2018-01-09 00:00-23:59 UTC
total number of suspected botnet IPs: 176
number of botnet IPs notified to network operators: 170
number of spam blocked: 21795
recipient count of spam blocked: 516941

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

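| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-HB | 37 |
| 2 | UNICOM-HB | 30 |
| 3 | UNICOM-JS | 15 |
| 4 | CHINANET-JS | 15 |
| 5 | DE-ISP4P-20060126 | 9 |
| 6 | UNIFIEDLAYER-NETWORK-14 | 8 |
| 7 | CMNET | 8 |
| 8 | CHINANET-ZJ-HZ | 6 |
| 9 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 10 | CC-17 | 4 |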

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

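| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 122 |
| 2 | United States | 22 |
| 3 | Germany | 10 |
| 4 | Romania | 2 |
| 5 | Netherlands | 2 |
| 6 | Hong Kong | 2 |
| 7 | Costa Rica | 2 |
| 8 | South Africa | 1 |
| 9 | Russian Federation | 1 |
| 10 | Poland | 1 |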

Suspected Bot List [2018-01-09]

detection period: 2018-01-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:

Tuesday, January 9, 2018

Botnet Statistics [2018-01-08]

detection period: 2018-01-08 00:00-23:59 UTC
total number of suspected botnet IPs: 199
number of botnet IPs notified to network operators: 194
number of spam blocked: 18309
recipient count of spam blocked: 430341

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

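| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CHINANET-HB | 62 |
| 2 | UNICOM-HB | 35 |
| 3 | CHINANET-JS | 15 |
| 4 | UNICOM-JS | 14 |
| 5 | DE-ISP4P-20060126 | 11 |
| 6 | CMNET | 8 |
| 7 | UNIFIEDLAYER-NETWORK-14 | 4 |
| 8 | ENCRYPTED-TRANSIT-IPV4 | 4 |
| 9 | CHINANET-ZJ | 4 |
| 10 | CHINANET-GD | 3 |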

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 150
2 | United States | 14
3 | Germany | 12
4 | Netherlands | 2
5 | South Korea | 2
6 | Iceland | 2
7 | Hong Kong | 2
8 | Costa Rica | 2
9 | Turkey | 1
10 | Russian Federation | 1

Suspected Bot List [2018-01-08]

detection period: 2018-01-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States

List from greylisting:

Monday, January 8, 2018

Botnet Statistics [2018-01-07]

detection period: 2018-01-07 00:00-23:59 UTC
total number of suspected botnet IPs: 107
number of botnet IPs notified to network operators: 101
number of spam blocked: 22213
recipient count of spam blocked: 500369

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CHINANET-HB | 27
2 | UNICOM-HB | 12
3 | DE-ISP4P-20060126 | 11
4 | CMNET | 6
5 | ENCRYPTED-TRANSIT-IPV4 | 4
6 | CHINANET-ZJ-HZ | 4
7 | CHINANET-ZJ | 4
8 | CHINANET-ZJ-ZX | 3
9 | SC-FLOKINET-LTD-20160826 | 2
10 | HO-2 | 2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | China | 64
2 | Germany | 13
3 | United States | 10
4 | Romania | 2
5 | Netherlands | 2
6 | Iceland | 2
7 | Hong Kong | 2
8 | Costa Rica | 2
9 | Canada | 2
10 | Russian Federation | 1

Suspected Bot List [2018-01-07]

detection period: 2018-01-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States

List from greylisting:

Sunday, January 7, 2018

Botnet Statistics [2018-01-06]

detection period: 2018-01-06 00:00-23:59 UTC
total number of suspected botnet IPs: 57
number of botnet IPs notified to network operators: 52
number of spam blocked: 31476
recipient count of spam blocked: 1399414

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | DE-ISP4P-20060126 | 9
2 | UNIFIEDLAYER-NETWORK-14 | 5
3 | ENCRYPTED-TRANSIT-IPV4 | 4
4 | PSYCHZ-NETWORKS | 3
5 | CHINANET-ZJ | 3
6 | SC-FLOKINET-LTD-20160826 | 2
7 | HO-2 | 2
8 | CR-RACO-LACNIC | 2
9 | CHINANET-HB | 2
10 | hostio | 1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | United States | 16
2 | Germany | 12
3 | China | 9
4 | Romania | 2
5 | Netherlands | 2
6 | Iceland | 2
7 | Costa Rica | 2
8 | Canada | 2
9 | New Zealand | 1
10 | Norway | 1

Suspected Bot List [2018-01-06]

detection period: 2018-01-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States

List from greylisting:

Saturday, January 6, 2018

Botnet Statistics [2018-01-05]

detection period: 2018-01-05 00:00-23:59 UTC
total number of suspected botnet IPs: 38
number of botnet IPs notified to network operators: 32
number of spam blocked: 53079
recipient count of spam blocked: 1638255

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CR-RACO-LACNIC | 5
2 | ENCRYPTED-TRANSIT-IPV4 | 4
3 | KORNET-KR | 3
4 | SC-FLOKINET-LTD-20160826 | 2
5 | CHINANET-ZJ | 2
6 | hostio | 1
7 | UNICOM-CN | 1
8 | ULVT-NET | 1
9 | SMARTWEB-NET | 1
10 | SMARTONE-MO | 1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | United States | 5
2 | Costa Rica | 5
3 | China | 4
4 | South Korea | 3
5 | Romania | 2
6 | Netherlands | 2
7 | Iceland | 2
8 | Germany | 2
9 | South Africa | 1
10 | Russian Federation | 1

Suspected Bot List [2018-01-05]

detection period: 2018-01-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States
ZA | 196.46.23.122 | South Africa

List from greylisting:

Friday, January 5, 2018

Botnet Statistics [2018-01-04]

detection period: 2018-01-04 00:00-23:59 UTC
total number of suspected botnet IPs: 39
number of botnet IPs notified to network operators: 33
number of spam blocked: 71474
recipient count of spam blocked: 2193253

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CR-RACO-LACNIC | 5
2 | ENCRYPTED-TRANSIT-IPV4 | 4
3 | KORNET-KR | 3
4 | SC-FLOKINET-LTD-20160826 | 2
5 | CHINANET-ZJ | 2
6 | hostio | 1
7 | UNICOM-CN | 1
8 | ULVT-NET | 1
9 | SMARTWEB-NET | 1
10 | SMARTONE-MO | 1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | United States | 5
2 | Costa Rica | 5
3 | China | 4
4 | South Korea | 3
5 | Norway | 2
6 | Netherlands | 2
7 | Iceland | 2
8 | Germany | 2
9 | Canada | 2
10 | South Africa | 1

Suspected Bot List [2018-01-04]

detection period: 2018-01-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States
ZA | 196.46.23.122 | South Africa

List from greylisting:

Thursday, January 4, 2018

Botnet Statistics [2018-01-03]

detection period: 2018-01-03 00:00-23:59 UTC
total number of suspected botnet IPs: 37
number of botnet IPs notified to network operators: 31
number of spam blocked: 80734
recipient count of spam blocked: 2419368

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CR-RACO-LACNIC | 5
2 | ENCRYPTED-TRANSIT-IPV4 | 4
3 | SC-FLOKINET-LTD-20160826 | 2
4 | KORNET-KR | 2
5 | CHINANET-ZJ | 2
6 | hostio | 1
7 | UNICOM-CN | 1
8 | ULVT-NET | 1
9 | SMARTWEB-NET | 1
10 | SMARTONE-MO | 1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | United States | 5
2 | Costa Rica | 5
3 | China | 4
4 | Norway | 2
5 | Netherlands | 2
6 | South Korea | 2
7 | Iceland | 2
8 | Germany | 2
9 | South Africa | 1
10 | Russian Federation | 1

Suspected Bot List [2018-01-03]

detection period: 2018-01-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States
ZA | 196.46.23.122 | South Africa

List from greylisting:

Wednesday, January 3, 2018

Botnet Statistics [2018-01-02]

detection period: 2018-01-02 00:00-23:59 UTC
total number of suspected botnet IPs: 38
number of botnet IPs notified to network operators: 33
number of spam blocked: 65516
recipient count of spam blocked: 1981328

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CR-RACO-LACNIC | 5
2 | ENCRYPTED-TRANSIT-IPV4 | 4
3 | SC-FLOKINET-LTD-20160826 | 2
4 | KORNET-KR | 2
5 | CHINANET-ZJ | 2
6 | hostio | 1
7 | UNICOM-SX | 1
8 | UNICOM-CN | 1
9 | ULVT-NET | 1
10 | SMARTWEB-NET | 1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | United States | 7
2 | Costa Rica | 5
3 | China | 5
4 | Romania | 2
5 | Netherlands | 2
6 | South Korea | 2
7 | Iceland | 2
8 | Germany | 2
9 | Canada | 2
10 | Russian Federation | 1

Suspected Bot List [2018-01-02]

detection period: 2018-01-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States

List from greylisting:

Tuesday, January 2, 2018

Botnet Statistics [2018-01-01]

detection period: 2018-01-01 00:00-23:59 UTC
total number of suspected botnet IPs: 39
number of botnet IPs notified to network operators: 33
number of spam blocked: 55223
recipient count of spam blocked: 1667084

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CR-RACO-LACNIC | 5
2 | ENCRYPTED-TRANSIT-IPV4 | 4
3 | SC-FLOKINET-LTD-20160826 | 2
4 | KORNET-KR | 2
5 | CHINANET-ZJ | 2
6 | hostio | 1
7 | UNICOM-SX | 1
8 | UNICOM-CN | 1
9 | ULVT-NET | 1
10 | SMARTWEB-NET | 1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | United States | 6
2 | China | 6
3 | Costa Rica | 5
4 | Germany | 3
5 | Romania | 2
6 | Netherlands | 2
7 | South Korea | 2
8 | Iceland | 2
9 | Canada | 2
10 | South Africa | 1

Suspected Bot List [2018-01-01]

detection period: 2018-01-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
CZ | 185.82.212.95 | Czech Republic
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States
ZA | 196.46.23.122 | South Africa

List from greylisting:

Monday, January 1, 2018

Botnet Statistics [2017-12-31]

detection period: 2017-12-31 00:00-23:59 UTC
total number of suspected botnet IPs: 31
number of botnet IPs notified to network operators: 27
number of spam blocked: 51406
recipient count of spam blocked: 1539963

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | CR-RACO-LACNIC | 5
2 | ENCRYPTED-TRANSIT-IPV4 | 4
3 | SC-FLOKINET-LTD-20160826 | 2
4 | CHINANET-ZJ | 2
5 | hostio | 1
6 | UNICOM-CN | 1
7 | SMARTWEB-NET | 1
8 | RO-ARTELECOM-20070815 | 1
9 | NO-UPC-20050707 | 1
10 | NETVIGATOR | 1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1 | United States | 5
2 | Costa Rica | 5
3 | China | 4
4 | Germany | 3
5 | Netherlands | 2
6 | Iceland | 2
7 | Romania | 1
8 | Norway | 1
9 | South Korea | 1
10 | Kyrgyzstan | 1

Suspected Bot List [2017-12-31]

detection period: 2017-12-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country
US | 23.129.64.101 | United States
US | 23.129.64.102 | United States
US | 23.129.64.103 | United States
US | 23.129.64.104 | United States

List from greylisting: