Custom Search

Saturday, March 31, 2018

Botnet Statistics [2018-03-30]

detection period: 2018-03-30 00:00-23:59 UTC
total number of suspected botnet IPs: 119
number of botnet IPs notified to network operators: 111
number of spam blocked: 39673
recipient count of spam blocked: 1187638

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud10
2TENCENT-CN7
3GOOGLE-CLOUD4
4broadNnet-KR3
5VNPT-VNNIC-VN3
6UCLOUD-NET3
7VIETEL-VN2
8OVH-SG-12
9KORNET-KR2
10INET-ISP-ID2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China39
2United States13
3France10
4Viet Nam6
5South Korea6
6Russian Federation3
7Netherlands3
8Canada3
9Taiwan2
10Mexico2

Suspected Bot List [2018-03-30]

detection period: 2018-03-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Friday, March 30, 2018

Botnet Statistics [2018-03-29]

detection period: 2018-03-29 00:00-23:59 UTC
total number of suspected botnet IPs: 187
number of botnet IPs notified to network operators: 180
number of spam blocked: 39479
recipient count of spam blocked: 1200785

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud10
2GOOGLE-CLOUD7
3KORNET-KR4
4HOSTWAY-054
5GO-DADDY-COM-LLC4
6hcmccable-net3
7NETVIGATOR3
8MSFT3
9broadNnet-KR2
10VNPT-VNNIC-VN2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States40
2China40
3France13
4Viet Nam8
5South Korea8
6India8
7Indonesia8
8Brazil7
9Russian Federation6
10United Kingdom5

Suspected Bot List [2018-03-29]

detection period: 2018-03-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Thursday, March 29, 2018

Botnet Statistics [2018-03-28]

detection period: 2018-03-28 00:00-23:59 UTC
total number of suspected botnet IPs: 97
number of botnet IPs notified to network operators: 94
number of spam blocked: 38713
recipient count of spam blocked: 1158722

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud5
2MSFT3
3CHINANET-JS3
4UNICOM-LN2
5UNICOM-HE2
6RU-KAMCHATKA2
7HOSTWAY-052
8CHINANET-ZJ2
9AT-88-Z2
10hcmccable-net1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China27
2United States17
3Russian Federation9
4Viet Nam3
5South Korea3
6India3
7Indonesia3
8Germany3
9Taiwan2
10Poland2

Suspected Bot List [2018-03-28]

detection period: 2018-03-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Wednesday, March 28, 2018

Suspected Bots' IP List for February 2018

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2018-02-01]
Suspected Bots IP [2018-02-02]
Suspected Bots IP [2018-02-03]
Suspected Bots IP [2018-02-04]
Suspected Bots IP [2018-02-05]
Suspected Bots IP [2018-02-06]
Suspected Bots IP [2018-02-07]
Suspected Bots IP [2018-02-08]
Suspected Bots IP [2018-02-09]
Suspected Bots IP [2018-02-10]
Suspected Bots IP [2018-02-11]
Suspected Bots IP [2018-02-12]
Suspected Bots IP [2018-02-13]
Suspected Bots IP [2018-02-14]
Suspected Bots IP [2018-02-15]
Suspected Bots IP [2018-02-16]
Suspected Bots IP [2018-02-17]
Suspected Bots IP [2018-02-18]
Suspected Bots IP [2018-02-19]
Suspected Bots IP [2018-02-20]
Suspected Bots IP [2018-02-21]
Suspected Bots IP [2018-02-22]
Suspected Bots IP [2018-02-23]
Suspected Bots IP [2018-02-24]
Suspected Bots IP [2018-02-25]
Suspected Bots IP [2018-02-26]
Suspected Bots IP [2018-02-27]
Suspected Bots IP [2018-02-28]

Botnet Statistics [2018-03-27]

detection period: 2018-03-27 00:00-23:59 UTC
total number of suspected botnet IPs: 92
number of botnet IPs notified to network operators: 90
number of spam blocked: 44339
recipient count of spam blocked: 1211729

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1SS83
2GO-DADDY-COM-LLC3
3CHINANET-ZJ3
4broadNnet-KR2
5UNICOM-LN2
6NETVIGATOR2
7MSFT2
8HINET-NET2
9DOPI12
10CHINANET-JS2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China19
2United States16
3United Kingdom5
4Viet Nam4
5South Korea4
6Taiwan3
7Netherlands3
8Indonesia3
9France3
10Russian Federation2

Suspected Bot List [2018-03-27]

detection period: 2018-03-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Tuesday, March 27, 2018

Botnet Statistics [2018-03-26]

detection period: 2018-03-26 00:00-23:59 UTC
total number of suspected botnet IPs: 129
number of botnet IPs notified to network operators: 125
number of spam blocked: 37081
recipient count of spam blocked: 1051385

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1broadNnet-KR5
2SS84
3hcmccable-net3
4GO-DADDY-COM-LLC3
5DOPI13
6UNICOM-LN2
7TencentCloud2
8TELKOMNET2
9KORNET-KR2
10HINET2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States19
2China19
3France14
4South Korea10
5United Kingdom7
6Viet Nam6
7India6
8Indonesia5
9Brazil5
10Taiwan4

Suspected Bot List [2018-03-26]

detection period: 2018-03-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Monday, March 26, 2018

Botnet Statistics [2018-03-25]

detection period: 2018-03-25 00:00-23:59 UTC
total number of suspected botnet IPs: 94
number of botnet IPs notified to network operators: 92
number of spam blocked: 44679
recipient count of spam blocked: 963631

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-ZJ4
2VNPT-VNNIC-VN3
3hcmccable-net2
4broadNnet-KR2
5SC-QUASI672
6NETVIGATOR2
7MSFT2
8KORNET-KR2
9HINET-NET2
10GO-DADDY-COM-LLC2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China22
2Viet Nam9
3France9
4United States6
5India6
6South Korea5
7Brazil4
8Taiwan3
9Russian Federation3
10Netherlands3

Suspected Bot List [2018-03-25]

detection period: 2018-03-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Sunday, March 25, 2018

Botnet Statistics [2018-03-24]

detection period: 2018-03-24 00:00-23:59 UTC
total number of suspected botnet IPs: 40
number of botnet IPs notified to network operators: 39
number of spam blocked: 47446
recipient count of spam blocked: 1030720

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-LN2
2KORNET-KR2
3CHINANET-ZJ2
4Xpeed-KR1
5VPSONLINE-VN1
6VNPT-VNNIC-VN1
7VIETEL-VN1
8VE-CSVE-LACNIC1
9UNITEDPROTECTION-NET1
10UNIMELB1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China12
2United States4
3Viet Nam3
4Russian Federation3
5South Korea3
6Venezuela1
7Thailand1
8Singapore1
9Kazakhstan1
10Cambodia1

Suspected Bot List [2018-03-24]

detection period: 2018-03-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Saturday, March 24, 2018

Botnet Statistics [2018-03-23]

detection period: 2018-03-23 00:00-23:59 UTC
total number of suspected botnet IPs: 42
number of botnet IPs notified to network operators: 41
number of spam blocked: 37440
recipient count of spam blocked: 1120184

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN2
2KORNET-KR2
3CHINANET-ZJ2
4VPSONLINE-VN1
5VIETEL-VNNIC-VN1
6VE-CSVE-LACNIC1
7UNITEDPROTECTION-NET1
8UNICOM-TJ1
9UNICOM-LN1
10UNICOM-CN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China10
2Viet Nam4
3United States4
4Russian Federation4
5South Korea2
6India2
7Colombia2
8Canada2
9Venezuela1
10Taiwan1

Suspected Bot List [2018-03-23]

detection period: 2018-03-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Friday, March 23, 2018

Botnet Statistics [2018-03-22]

detection period: 2018-03-22 00:00-23:59 UTC
total number of suspected botnet IPs: 44
number of botnet IPs notified to network operators: 43
number of spam blocked: 38545
recipient count of spam blocked: 1187811

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CHINANET-JX3
2HINET-NET2
3CMNET2
4CHINANET-ZJ2
5libnet1
6broadNnet-KR1
7ZING-NET1
8WebShield1
9WAINSCOTTING1
10VPSONLINE-VN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China13
2United States6
3Russian Federation3
4India3
5Taiwan2
6South Korea2
7Italy2
8Hong Kong2
9Viet Nam1
10Venezuela1

Suspected Bot List [2018-03-22]

detection period: 2018-03-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Thursday, March 22, 2018

Botnet Statistics [2018-03-21]

detection period: 2018-03-21 00:00-23:59 UTC
total number of suspected botnet IPs: 43
number of botnet IPs notified to network operators: 41
number of spam blocked: 41642
recipient count of spam blocked: 997308

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR3
2CHINANET-ZJ3
3RO-JUMP-200511292
4CHINANET-TJ2
5CHINANET-JX2
6VNPT-VNNIC-VN1
7VE-CSVE-LACNIC1
8UNITEDPROTECTION-NET1
9UNIMELB1
10UNICOM-SD1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China13
2South Korea4
3United States3
4India3
5Viet Nam2
6Russian Federation2
7Italy2
8Ecuador2
9Chile2
10Australia2

Suspected Bot List [2018-03-21]

detection period: 2018-03-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Wednesday, March 21, 2018

Botnet Statistics [2018-03-20]

detection period: 2018-03-20 00:00-23:59 UTC
total number of suspected botnet IPs: 40
number of botnet IPs notified to network operators: 39
number of spam blocked: 15529
recipient count of spam blocked: 453690

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1FR-PROXAD-200510033
2CMNET2
3CHINANET-ZJ2
4CHINANET-GD2
5broadNnet-KR1
6VPSONLINE-VN1
7VNPT-VNNIC-VN1
8USI_ADSL_USERS1
9UNITEDPROTECTION-NET1
10UNICOM-LN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China17
2Viet Nam3
3France3
4Brazil3
5United States2
6Russian Federation2
7South Korea2
8Singapore1
9Poland1
10Philippines1

Suspected Bot List [2018-03-20]

detection period: 2018-03-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Tuesday, March 20, 2018

Botnet Statistics [2018-03-19]

detection period: 2018-03-19 00:00-23:59 UTC
total number of suspected botnet IPs: 56
number of botnet IPs notified to network operators: 55
number of spam blocked: 9535
recipient count of spam blocked: 287081

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR4
2VNPT-VNNIC-VN2
3UNICOM-CN2
4KORNET2
5CHINANET-ZJ2
6CHINANET-JX2
7broadNnet-KR1
8WebShield1
9VIETEL-VN1
10VE-CSVE-LACNIC1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China13
2South Korea7
3United States5
4Russian Federation4
5Viet Nam3
6Germany3
7India2
8Egypt2
9Brazil2
10Venezuela1

Suspected Bot List [2018-03-19]

detection period: 2018-03-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Monday, March 19, 2018

Botnet Statistics [2018-03-18]

detection period: 2018-03-18 00:00-23:59 UTC
total number of suspected botnet IPs: 45
number of botnet IPs notified to network operators: 43
number of spam blocked: 14315
recipient count of spam blocked: 428841

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR4
2VNPT-VNNIC-VN3
3CHINANET-ZJ2
4broadNnet-KR1
5VPSONLINE-VN1
6VE-CSVE-LACNIC1
7UNITEDPROTECTION-NET1
8UNICOM-SD1
9UNICOM-LN1
10UNICOM-CN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China11
2United States5
3South Korea5
4Viet Nam4
5India2
6France2
7Egypt2
8Venezuela1
9Thailand1
10Russian Federation1

Suspected Bot List [2018-03-18]

detection period: 2018-03-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Sunday, March 18, 2018

Botnet Statistics for February 2018

detection period: 2018-02-01 00:00 - 2018-02-28 23:59 UTC
total number of suspected botnet IPs: 210
number of blocked spams: 1004028
recipient count of blocked spams: 23191753

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1South Korea66
2United States23
3Egypt12
4Nigeria10
5Saudi Arabia8
6South Africa6
7India6
8Spain6
9Argentina6
10Viet Nam5
11Iran5
12China5
13Thailand4
14Netherlands4
15France4
16Serbia3
17Pakistan3
18Hong Kong3
19Portugal2
20Indonesia2
21Germany2
22Brazil2
23Australia2
24Venezuela1
25Taiwan1

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China465677
2Czech Republic110209
3Brazil108146
4France104255
5Iran65393
6Sweden49602
7Hong Kong38985
8Seychelles20583
9United States19625
10Venezuela12189
11Tunisia2578
12South Korea2302
13ZZ711
14New Caledonia611
15Colombia611
16Netherlands526
17India474
18Nigeria462
19Saudi Arabia172
20Pakistan160
21Greece109
22Kuwait97
23Egypt84
24Australia74
25Serbia51

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2018-03-17]

detection period: 2018-03-17 00:00-23:59 UTC
total number of suspected botnet IPs: 39
number of botnet IPs notified to network operators: 37
number of spam blocked: 22526
recipient count of spam blocked: 494008

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR3
2CHINANET-ZJ2
3WebShield1
4WIMORE1
5VPSONLINE-VN1
6VNPT-VNNIC-VN1
7VIS-BLOCK1
8VE-CSVE-LACNIC1
9UNITEDPROTECTION-NET1
10UNICOM-ZJ1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China11
2United States6
3Viet Nam3
4South Korea3
5Russian Federation2
6Venezuela1
7Tanzania1
8Poland1
9Philippines1
10Italy1

Suspected Bot List [2018-03-17]

detection period: 2018-03-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Saturday, March 17, 2018

Botnet Statistics [2018-03-16]

detection period: 2018-03-16 00:00-23:59 UTC
total number of suspected botnet IPs: 42
number of botnet IPs notified to network operators: 39
number of spam blocked: 29571
recipient count of spam blocked: 837279

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN2
2KORNET-KR2
3CHINANET-ZJ2
4broadNnet-KR1
5Vox-Telecom1
6VPSONLINE-VN1
7VE-CSVE-LACNIC1
8UNITEDPROTECTION-NET1
9UNICOM-CN1
10UNICOM1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China11
2India4
3Viet Nam3
4South Korea3
5Brazil3
6United Kingdom2
7South Africa1
8Venezuela1
9United States1
10Singapore1

Suspected Bot List [2018-03-16]

detection period: 2018-03-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
SC185.56.80.110Seychelles

List from greylisting:

Friday, March 16, 2018

Botnet Statistics [2018-03-15]

detection period: 2018-03-15 00:00-23:59 UTC
total number of suspected botnet IPs: 62
number of botnet IPs notified to network operators: 58
number of spam blocked: 32849
recipient count of spam blocked: 859962

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR4
2VNPT-VNNIC-VN3
3broadNnet-KR2
4CHINANET-ZJ2
5CHINANET-JX2
6Xpeed-KR1
7Xiaoniaoyun1
8WebShield1
9VOLUMEDRIVE1
10VE-CSVE-LACNIC1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China15
2South Korea8
3United States5
4Viet Nam3
5Russian Federation3
6India3
7Brazil3
8Netherlands2
9Japan2
10Argentina2

Suspected Bot List [2018-03-15]

detection period: 2018-03-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Thursday, March 15, 2018

Botnet Statistics [2018-03-14]

detection period: 2018-03-14 00:00-23:59 UTC
total number of suspected botnet IPs: 48
number of botnet IPs notified to network operators: 45
number of spam blocked: 37466
recipient count of spam blocked: 810403

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR3
2CHINANET-ZJ3
3CHINANET-JX3
4WebShield1
5WEBSTREAM1
6WASUHZ1
7VNPT-VNNIC-VN1
8VE-CSVE-LACNIC1
9UNITEDPROTECTION-NET1
10UNICOM-CN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China14
2United States8
3Russian Federation3
4South Korea3
5Viet Nam2
6India2
7Germany2
8Venezuela1
9Thailand1
10Seychelles1

Suspected Bot List [2018-03-14]

detection period: 2018-03-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
SC185.56.80.110Seychelles

List from greylisting:

Wednesday, March 14, 2018

Botnet Statistics [2018-03-13]

detection period: 2018-03-13 00:00-23:59 UTC
total number of suspected botnet IPs: 42
number of botnet IPs notified to network operators: 41
number of spam blocked: 34048
recipient count of spam blocked: 981000

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR3
2UNICOM-LN2
3CHINANET-ZJ2
4CHINANET-JX2
5Xpeed-KR1
6X-ATOM1
7WAYNE-V4-11
8VPSONLINE-VN1
9VE-CSVE-LACNIC1
10UNITEDPROTECTION-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China9
2United States6
3South Korea4
4Russian Federation3
5France3
6Ukraine2
7Brazil2
8Viet Nam1
9Venezuela1
10Turkey1

Suspected Bot List [2018-03-13]

detection period: 2018-03-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Tuesday, March 13, 2018

Botnet Statistics [2018-03-12]

detection period: 2018-03-12 00:00-23:59 UTC
total number of suspected botnet IPs: 120
number of botnet IPs notified to network operators: 109
number of spam blocked: 26671
recipient count of spam blocked: 726470

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR30
2KORNET-KR10
3VNPT-VNNIC-VN3
4KTFWING-KR3
5broadNnet-KR2
6VE-CSVE-LACNIC2
7UNICOM-LN2
8CHINANET-ZJ2
9CHINANET-JX2
10CHINANET-GD2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea46
2China17
3United States10
4Viet Nam5
5Russian Federation5
6United Kingdom3
7Brazil3
8Venezuela2
9Saudi Arabia2
10Iran2

Suspected Bot List [2018-03-12]

detection period: 2018-03-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 11

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.82.101Argentina
CZ185.82.212.95Czech Republic
DZ193.194.69.186Algeria
EG41.199.248.205Egypt
IR212.33.206.132Iran
MX187.178.176.10Mexico
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA90.148.130.93Saudi Arabia
SA212.76.76.242Saudi Arabia

List from greylisting:

Monday, March 12, 2018

Botnet Statistics [2018-03-11]

detection period: 2018-03-11 00:00-23:59 UTC
total number of suspected botnet IPs: 56
number of botnet IPs notified to network operators: 54
number of spam blocked: 23948
recipient count of spam blocked: 717599

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR5
2broadNnet-KR2
3NETVIGATOR2
4CHINANET-ZJ2
5CHINANET-GS2
6ZING-NET1
7YUEQING-GAOSHENGKEJI1
8XCITC-CN1
9VNPT-VNNIC-VN1
10UNITEDPROTECTION-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China15
2United States7
3South Korea7
4Russian Federation3
5Italy3
6Viet Nam2
7Hong Kong2
8France2
9Germany2
10Ukraine1

Suspected Bot List [2018-03-11]

detection period: 2018-03-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic

List from greylisting:

Sunday, March 11, 2018

Botnet Statistics [2018-03-10]

detection period: 2018-03-10 00:00-23:59 UTC
total number of suspected botnet IPs: 101
number of botnet IPs notified to network operators: 95
number of spam blocked: 22685
recipient count of spam blocked: 679100

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR9
2LGTELECOM-KR7
3VNPT-VNNIC-VN3
4UNICOM-LN2
5TATANET2
6NETVIGATOR2
7CMNET2
8CHINANET-ZJ2
9CHINANET-TJ2
10BORANET-KR2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea21
2China21
3United States10
4India6
5Viet Nam5
6Russian Federation3
7Hong Kong3
8France3
9Pakistan2
10Japan2

Suspected Bot List [2018-03-10]

detection period: 2018-03-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR200.63.36.151Argentina
CZ185.82.212.95Czech Republic
MX187.178.176.10Mexico
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA212.76.76.242Saudi Arabia

List from greylisting:

Saturday, March 10, 2018

Botnet Statistics [2018-03-09]

detection period: 2018-03-09 00:00-23:59 UTC
total number of suspected botnet IPs: 63
number of botnet IPs notified to network operators: 59
number of spam blocked: 24567
recipient count of spam blocked: 735510

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR3
2VNPT-VNNIC-VN2
3UNICOM-LN2
4CHINANET-ZJ2
5broadNnet-KR1
6XinnetIDC1
7WEBAIRINTERNET1
8VPSONLINE-VN1
9VE-CSVE-LACNIC1
10UNITEDPROTECTION-NET1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China14
2United States7
3South Korea5
4Viet Nam4
5Russian Federation4
6France3
7Brazil3
8Nigeria2
9Hong Kong2
10Czech Republic2

Suspected Bot List [2018-03-09]

detection period: 2018-03-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
NG197.242.109.82Nigeria
SA212.76.76.242Saudi Arabia

List from greylisting:

Friday, March 9, 2018

Botnet Statistics [2018-03-08]

detection period: 2018-03-08 00:00-23:59 UTC
total number of suspected botnet IPs: 96
number of botnet IPs notified to network operators: 90
number of spam blocked: 37395
recipient count of spam blocked: 849569

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR6
2LGTELECOM-KR5
3CHINANET-ZJ3
4VNPT-VNNIC-VN2
5TELEPAC-DSL-RES2
6KTFWING-KR2
7IP2000-ADSL-BAS2
8BORANET-KR2
9AR-CTLI2-LACNIC2
10broadNnet-KR1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China18
2South Korea17
3United States7
4France5
5Viet Nam4
6Russian Federation4
7Portugal3
8Italy3
9Taiwan2
10Pakistan2

Suspected Bot List [2018-03-08]

detection period: 2018-03-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.81.119Argentina
AR131.108.83.249Argentina
CZ185.82.212.95Czech Republic
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
TW123.195.250.35Taiwan

List from greylisting:

Thursday, March 8, 2018

Botnet Statistics [2018-03-07]

detection period: 2018-03-07 00:00-23:59 UTC
total number of suspected botnet IPs: 61
number of botnet IPs notified to network operators: 58
number of spam blocked: 47020
recipient count of spam blocked: 1052223

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Xpeed-KR2
2UNICOM-CN2
3KORNET-KR2
4CHINANET-ZJ2
5CHINANET-YN2
6CHINANET-JS2
7002.558.157/0001-622
8broadNnet-KR1
9WSUNET1
10VOLUMEDRIVE1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China17
2United States7
3South Korea6
4Brazil4
5Italy3
6France3
7India2
8Viet Nam1
9Venezuela1
10Taiwan1

Suspected Bot List [2018-03-07]

detection period: 2018-03-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.83.249Argentina
AZ89.147.210.206Azerbaijan
CZ185.82.212.95Czech Republic

List from greylisting:

Wednesday, March 7, 2018

Botnet Statistics [2018-03-06]

detection period: 2018-03-06 00:00-23:59 UTC
total number of suspected botnet IPs: 89
number of botnet IPs notified to network operators: 83
number of spam blocked: 43154
recipient count of spam blocked: 947896

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR9
2KORNET-KR3
3VNPT-VNNIC-VN2
4UNICOM-LN2
5UNICOM-CN2
6TEDATA-200911052
7RRNY2
8ONLINE_NET_DEDICATED_SERVERS2
9NETVIGATOR2
10HSI-72

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China17
2South Korea15
3United States9
4Viet Nam4
5Italy3
6Hong Kong3
7France3
8Egypt3
9Russian Federation2
10Netherlands2

Suspected Bot List [2018-03-06]

detection period: 2018-03-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.83.249Argentina
CZ185.82.212.95Czech Republic
RS178.149.102.210Serbia
SA212.76.76.242Saudi Arabia
TW123.195.250.35Taiwan

List from greylisting:

Tuesday, March 6, 2018

Botnet Statistics [2018-03-05]

detection period: 2018-03-05 00:00-23:59 UTC
total number of suspected botnet IPs: 80
number of botnet IPs notified to network operators: 72
number of spam blocked: 38317
recipient count of spam blocked: 943344

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR5
2KORNET-KR5
3CHINANET-ZJ2
4CHINANET-JX2
5broadNnet-KR1
6Xpeed-KR1
7WebShield1
8WINDSTREAM1
9WEBAIRINTERNET1
10VPSONLINE-VN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea15
2China11
3United States8
4Russian Federation3
5Pakistan3
6France3
7Egypt3
8Viet Nam2
9Saudi Arabia2
10Netherlands2

Suspected Bot List [2018-03-05]

detection period: 2018-03-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.82.214Argentina
AR200.63.36.151Argentina
CZ185.82.212.95Czech Republic
EG41.65.218.72Egypt
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA213.181.172.244Saudi Arabia

List from greylisting:

Monday, March 5, 2018

Botnet Statistics [2018-03-04]

detection period: 2018-03-04 00:00-23:59 UTC
total number of suspected botnet IPs: 41
number of botnet IPs notified to network operators: 38
number of spam blocked: 25843
recipient count of spam blocked: 800096

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET-KR3
2HINET-NET2
3DO-CODE-LACNIC2
4CHINANET-ZJ2
5CHINANET-JX2
6WEBAIRINTERNET1
7VOLUMEDRIVE1
8VNPT-VNNIC-VN1
9VIETEL-VNNIC-VN1
10VE-CSVE-LACNIC1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China12
2South Korea4
3Viet Nam3
4United States3
5Egypt3
6Taiwan2
7Dominican Republic2
8Venezuela1
9Saudi Arabia1
10Pakistan1

Suspected Bot List [2018-03-04]

detection period: 2018-03-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CZ185.82.212.95Czech Republic
EG41.65.218.72Egypt
SA212.76.76.242Saudi Arabia

List from greylisting:

Sunday, March 4, 2018

Botnet Statistics [2018-03-03]

detection period: 2018-03-03 00:00-23:59 UTC (data from SSH probes included for the first time)
total number of suspected botnet IPs: 51
number of botnet IPs notified to network operators: 45
number of spam blocked: 26136
recipient count of spam blocked: 806929

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR3
2KORNET-KR3
3VNPT-VNNIC-VN2
4TELEPAC-DSL-RES2
5CHINANET-ZJ2
6broadNnet-KR1
7WINDSTREAM-COMMUNICATIONS1
8WEBAIRINTERNET1
9VODAFONE-NET-IN1
10VIETEL-VNNIC-VN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea10
2China8
3United States4
4Viet Nam3
5Egypt3
6Portugal2
7Pakistan2
8India2
9Spain2
10South Africa1

Suspected Bot List [2018-03-03]

detection period: 2018-03-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.83.48Argentina
CZ185.82.212.95Czech Republic
EG41.65.218.72Egypt
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
SA212.76.76.242Saudi Arabia

List from greylisting:

Saturday, March 3, 2018

Botnet Statistics [2018-03-02]

detection period: 2018-03-02 00:00-23:59 UTC
total number of suspected botnet IPs: 45
number of botnet IPs notified to network operators: 38
number of spam blocked: 32149
recipient count of spam blocked: 963136

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR4
2VNPT-VNNIC-VN2
3TELEPAC-DSL-RES2
4KTFWING-KR2
5CHINANET-ZJ2
6broadNnet-KR1
7ZOOMNIGERIA1
8WINDSTREAM-COMMUNICATIONS1
9WEBAIRINTERNET1
10VE-CSVE-LACNIC1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea9
2United States5
3Egypt4
4China4
5Viet Nam2
6Portugal2
7Pakistan2
8South Africa1
9Venezuela1
10Saudi Arabia1

Suspected Bot List [2018-03-02]

detection period: 2018-03-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.82.55Argentina
CZ185.82.212.95Czech Republic
EG41.65.218.72Egypt
KW37.34.243.227Kuwait
PK182.180.89.184Pakistan
PK202.61.51.123Pakistan
SA212.76.76.242Saudi Arabia

List from greylisting:

Friday, March 2, 2018

Botnet Statistics [2018-03-01]

detection period: 2018-03-01 00:00-23:59 UTC
total number of suspected botnet IPs: 56
number of botnet IPs notified to network operators: 49
number of spam blocked: 33616
recipient count of spam blocked: 950486

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR5
2RRNY2
3CHINANET-ZJ2
4broadNnet-KR1
5WINDSTREAM-COMMUNICATIONS1
6WEBAIRINTERNET1
7VNPT-VNNIC-VN1
8VIETEL-VNNIC-VN1
9VE-CSVE-LACNIC1
10UNICOM-CN1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1United States9
2South Korea8
3China4
4Viet Nam3
5Egypt3
6South Africa2
7Pakistan2
8Nigeria2
9India2
10Hong Kong2

Suspected Bot List [2018-03-01]

detection period: 2018-03-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 7

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.82.55Argentina
CZ185.82.212.95Czech Republic
EG41.65.218.72Egypt
KW37.34.243.227Kuwait
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA212.76.76.242Saudi Arabia

List from greylisting:

Thursday, March 1, 2018

Botnet Statistics [2018-02-28]

detection period: 2018-02-28 00:00-23:59 UTC
total number of suspected botnet IPs: 51
number of botnet IPs notified to network operators: 43
number of spam blocked: 34465
recipient count of spam blocked: 946272

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1LGTELECOM-KR5
2TOT-NET2
3RRNY2
4KORNET-KR2
5CHINANET-ZJ2
6broadNnet-KR1
7WINDSTREAM-COMMUNICATIONS1
8WEBAIRINTERNET1
9VIETEL-VN1
10VE-CSVE-LACNIC1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1South Korea9
2United States6
3China4
4Pakistan3
5South Africa2
6Thailand2
7Nigeria2
8Iran2
9India2
10Egypt2

Suspected Bot List [2018-02-28]

detection period: 2018-02-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 8

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR131.108.80.141Argentina
CZ185.82.212.95Czech Republic
KW37.34.243.227Kuwait
NG197.255.173.209Nigeria
PK182.176.166.172Pakistan
PK202.61.51.123Pakistan
RS178.149.102.210Serbia
SA212.76.76.242Saudi Arabia

List from greylisting: