Friday, November 30, 2018

Botnet Statistics [2018-11-29]

detection period: 2018-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 3722
number of botnet IPs notified to network operators: 3476
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

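| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TencentCloud | 98 |
| 2 | TENCENT-CN | 58 |
| 3 | CHINANET-GD | 49 |
| 4 | KORNET-KR | 48 |
| 5 | 002.558.157/0001-62 | 46 |
| 6 | DO-13 | 41 |
| 7 | DIGITALOCEAN-8 | 41 |
| 8 | CMNET | 40 |
| 9 | Baidu | 39 |
| 10 | AT-88-Z | 39 |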

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

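| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 718 |
| 2 | United States | 619 |
| 3 | France | 333 |
| 4 | Brazil | 186 |
| 5 | Russian Federation | 171 |
| 6 | India | 107 |
| 7 | Italy | 106 |
| 8 | Netherlands | 104 |
| 9 | South Korea | 91 |
| 10 | Canada | 88 |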

Suspected Bot List [2018-11-29]

detection period: 2018-11-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 246

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Thursday, November 29, 2018

Botnet Statistics [2018-11-28]

detection period: 2018-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 3299
number of botnet IPs notified to network operators: 3061
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

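| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TencentCloud | 71 |
| 2 | CHINANET-JS | 50 |
| 3 | CMNET | 45 |
| 4 | CHINANET-GD | 45 |
| 5 | KORNET-KR | 43 |
| 6 | AT-88-Z | 40 |
| 7 | UNKNOWN | 39 |
| 8 | TENCENT-CN | 38 |
| 9 | DO-13 | 37 |
| 10 | MSFT | 36 |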

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

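| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 656 |
| 2 | United States | 533 |
| 3 | France | 293 |
| 4 | Russian Federation | 147 |
| 5 | Brazil | 125 |
| 6 | Italy | 101 |
| 7 | India | 92 |
| 8 | Netherlands | 89 |
| 9 | South Korea | 80 |
| 10 | United Kingdom | 79 |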

Suspected Bot List [2018-11-28]

detection period: 2018-11-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 238

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Wednesday, November 28, 2018

Botnet Statistics [2018-11-27]

detection period: 2018-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 2830
number of botnet IPs notified to network operators: 2623
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

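| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-JS | 53 |
| 2 | CHINANET-GD | 47 |
| 3 | CMNET | 41 |
| 4 | TencentCloud | 36 |
| 5 | DO-13 | 33 |
| 6 | KORNET-KR | 31 |
| 7 | 002.558.157/0001-62 | 28 |
| 8 | MSFT | 26 |
| 9 | AT-88-Z | 26 |
| 10 | TENCENT-CN | 23 |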

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

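| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 574 |
| 2 | United States | 465 |
| 3 | France | 221 |
| 4 | Brazil | 119 |
| 5 | Russian Federation | 111 |
| 6 | Netherlands | 85 |
| 7 | Germany | 74 |
| 8 | India | 70 |
| 9 | Italy | 66 |
| 10 | United Kingdom | 64 |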

Suspected Bot List [2018-11-27]

detection period: 2018-11-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 207

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Tuesday, November 27, 2018

Botnet Statistics [2018-11-26]

detection period: 2018-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 2143
number of botnet IPs notified to network operators: 1972
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

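| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-JS | 44 |
| 2 | CHINANET-GD | 37 |
| 3 | CMNET | 32 |
| 4 | 002.558.157/0001-62 | 27 |
| 5 | AT-88-Z | 25 |
| 6 | TencentCloud | 24 |
| 7 | KORNET-KR | 23 |
| 8 | DO-13 | 22 |
| 9 | HINET-NET | 18 |
| 10 | GOOGLE-CLOUD | 17 |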

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

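| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 456 |
| 2 | United States | 365 |
| 3 | France | 142 |
| 4 | Russian Federation | 106 |
| 5 | Brazil | 84 |
| 6 | Netherlands | 71 |
| 7 | Germany | 59 |
| 8 | South Korea | 51 |
| 9 | Canada | 51 |
| 10 | India | 50 |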

Suspected Bot List [2018-11-26]

detection period: 2018-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 171

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Monday, November 26, 2018

Botnet Statistics [2018-11-25]

detection period: 2018-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 2049
number of botnet IPs notified to network operators: 1896
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

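| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 49 |
| 2 | CHINANET-JS | 41 |
| 3 | 002.558.157/0001-62 | 40 |
| 4 | CMNET | 35 |
| 5 | KORNET-KR | 26 |
| 6 | HINET-NET | 26 |
| 7 | AT-88-Z | 23 |
| 8 | TencentCloud | 22 |
| 9 | CHINANET-SC | 21 |
| 10 | DO-13 | 16 |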

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

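| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 468 |
| 2 | United States | 332 |
| 3 | France | 138 |
| 4 | Russian Federation | 101 |
| 5 | Brazil | 94 |
| 6 | Netherlands | 65 |
| 7 | United Kingdom | 52 |
| 8 | Italy | 47 |
| 9 | South Korea | 41 |
| 10 | Taiwan | 39 |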

Suspected Bot List [2018-11-25]

detection period: 2018-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 153

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Sunday, November 25, 2018

Botnet Statistics [2018-11-24]

detection period: 2018-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 2035
number of botnet IPs notified to network operators: 1854
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

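| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 41 |
| 2 | CMNET | 35 |
| 3 | CHINANET-JS | 33 |
| 4 | KORNET-KR | 28 |
| 5 | AT-88-Z | 28 |
| 6 | TencentCloud | 26 |
| 7 | 002.558.157/0001-62 | 26 |
| 8 | HINET-NET | 18 |
| 9 | ONLINE_NET_DEDICATED_SERVERS | 17 |
| 10 | DO-13 | 16 |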

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

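| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 492 |
| 2 | United States | 319 |
| 3 | Russian Federation | 114 |
| 4 | Brazil | 86 |
| 5 | France | 84 |
| 6 | Netherlands | 71 |
| 7 | South Korea | 58 |
| 8 | India | 44 |
| 9 | Germany | 43 |
| 10 | Viet Nam | 39 |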

Suspected Bot List [2018-11-24]

detection period: 2018-11-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 181

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Saturday, November 24, 2018

Botnet Statistics [2018-11-23]

detection period: 2018-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 1870
number of botnet IPs notified to network operators: 1703
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

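| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 45 |
| 2 | CMNET | 37 |
| 3 | CHINANET-JS | 28 |
| 4 | KORNET-KR | 27 |
| 5 | HINET-NET | 26 |
| 6 | TencentCloud | 23 |
| 7 | AT-88-Z | 22 |
| 8 | 002.558.157/0001-62 | 22 |
| 9 | CHINANET-SC | 17 |
| 10 | SGCABLEVISION-SG | 16 |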

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

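| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 451 |
| 2 | United States | 300 |
| 3 | Russian Federation | 100 |
| 4 | Brazil | 80 |
| 5 | France | 61 |
| 6 | Netherlands | 50 |
| 7 | South Korea | 50 |
| 8 | Viet Nam | 45 |
| 9 | Italy | 44 |
| 10 | United Kingdom | 40 |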

Suspected Bot List [2018-11-23]

detection period: 2018-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 167

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Friday, November 23, 2018

Botnet Statistics [2018-11-22]

detection period: 2018-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 1989
number of botnet IPs notified to network operators: 1814
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

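| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | CHINANET-GD | 53 |
| 2 | CHINANET-JS | 39 |
| 3 | AT-88-Z | 34 |
| 4 | TencentCloud | 27 |
| 5 | CMNET | 27 |
| 6 | HINET-NET | 25 |
| 7 | AMAZON-2011L | 25 |
| 8 | KORNET-KR | 21 |
| 9 | MX-USCV4-LACNIC | 20 |
| 10 | UNICOM-LN | 19 |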

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

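| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 475 |
| 2 | United States | 328 |
| 3 | Russian Federation | 123 |
| 4 | Brazil | 84 |
| 5 | France | 78 |
| 6 | Netherlands | 58 |
| 7 | Italy | 48 |
| 8 | Viet Nam | 45 |
| 9 | Taiwan | 43 |
| 10 | India | 42 |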

Suspected Bot List [2018-11-22]

detection period: 2018-11-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 175

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Thursday, November 22, 2018

Botnet Statistics [2018-11-21]

detection period: 2018-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 3844
number of botnet IPs notified to network operators: 3530
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

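| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNKNOWN | 184 |
| 2 | VNPT-VNNIC-VN | 145 |
| 3 | TELKOMNET | 64 |
| 4 | HINET-NET | 60 |
| 5 | CHINANET-JS | 45 |
| 6 | VE-CSVE-LACNIC | 44 |
| 7 | KORNET-KR | 39 |
| 8 | CHINANET-GD | 37 |
| 9 | TencentCloud | 31 |
| 10 | AT-88-Z | 31 |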

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

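| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 557 |
| 2 | United States | 460 |
| 3 | Viet Nam | 293 |
| 4 | Russian Federation | 259 |
| 5 | Brazil | 207 |
| 6 | France | 184 |
| 7 | Indonesia | 172 |
| 8 | India | 163 |
| 9 | Taiwan | 87 |
| 10 | Thailand | 79 |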

Suspected Bot List [2018-11-21]

detection period: 2018-11-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 314

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Wednesday, November 21, 2018

Botnet Statistics [2018-11-20]

detection period: 2018-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 3544
number of botnet IPs notified to network operators: 3243
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

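| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 118 |
| 2 | VE-CSVE-LACNIC | 72 |
| 3 | HINET-NET | 64 |
| 4 | CHINANET-GD | 51 |
| 5 | CHINANET-JS | 43 |
| 6 | TELKOMNET | 42 |
| 7 | 002.558.157/0001-62 | 41 |
| 8 | KORNET-KR | 39 |
| 9 | TencentCloud | 31 |
| 10 | MX-USCV4-LACNIC | 29 |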

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

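| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 513 |
| 2 | United States | 396 |
| 3 | Viet Nam | 247 |
| 4 | Russian Federation | 239 |
| 5 | India | 188 |
| 6 | Brazil | 178 |
| 7 | France | 165 |
| 8 | Indonesia | 109 |
| 9 | Taiwan | 99 |
| 10 | Venezuela | 80 |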

Suspected Bot List [2018-11-20]

detection period: 2018-11-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 301

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Tuesday, November 20, 2018

Botnet Statistics [2018-11-19]

detection period: 2018-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 3124
number of botnet IPs notified to network operators: 2839
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

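| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 149 |
| 2 | TELKOMNET | 64 |
| 3 | HINET-NET | 53 |
| 4 | CHINANET-GD | 47 |
| 5 | VE-CSVE-LACNIC | 39 |
| 6 | UNKNOWN | 39 |
| 7 | VIETEL-VNNIC-VN | 37 |
| 8 | TencentCloud | 35 |
| 9 | MX-USCV4-LACNIC | 33 |
| 10 | CHINANET-JS | 32 |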

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

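| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 543 |
| 2 | United States | 328 |
| 3 | Viet Nam | 264 |
| 4 | Russian Federation | 181 |
| 5 | Brazil | 169 |
| 6 | Indonesia | 157 |
| 7 | India | 144 |
| 8 | Taiwan | 75 |
| 9 | France | 72 |
| 10 | Ukraine | 64 |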

Suspected Bot List [2018-11-19]

detection period: 2018-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 286

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Monday, November 19, 2018

Botnet Statistics [2018-11-18]

detection period: 2018-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 2745
number of botnet IPs notified to network operators: 2518
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

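| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 74 |
| 2 | HINET-NET | 59 |
| 3 | VE-CSVE-LACNIC | 45 |
| 4 | CHINANET-GD | 43 |
| 5 | TELKOMNET | 41 |
| 6 | TencentCloud | 34 |
| 7 | UNKNOWN | 28 |
| 8 | 002.558.157/0001-62 | 27 |
| 9 | CMNET | 26 |
| 10 | DIGITALOCEAN-8 | 25 |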

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

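| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 474 |
| 2 | United States | 314 |
| 3 | Russian Federation | 212 |
| 4 | Viet Nam | 140 |
| 5 | Brazil | 121 |
| 6 | India | 107 |
| 7 | France | 92 |
| 8 | Indonesia | 89 |
| 9 | Taiwan | 75 |
| 10 | Netherlands | 60 |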

Suspected Bot List [2018-11-18]

detection period: 2018-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 227

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Sunday, November 18, 2018

Botnet Statistics [2018-11-17]

detection period: 2018-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 2903
number of botnet IPs notified to network operators: 2630
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

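| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 86 |
| 2 | HINET-NET | 51 |
| 3 | TELKOMNET | 47 |
| 4 | VE-CSVE-LACNIC | 45 |
| 5 | UNKNOWN | 45 |
| 6 | CHINANET-GD | 43 |
| 7 | CHINANET-JS | 33 |
| 8 | TencentCloud | 31 |
| 9 | KORNET-KR | 31 |
| 10 | MX-USCV4-LACNIC | 29 |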

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

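| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 497 |
| 2 | United States | 325 |
| 3 | Russian Federation | 211 |
| 4 | Viet Nam | 193 |
| 5 | Brazil | 153 |
| 6 | India | 126 |
| 7 | Indonesia | 115 |
| 8 | Taiwan | 75 |
| 9 | United Kingdom | 66 |
| 10 | South Korea | 62 |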

Suspected Bot List [2018-11-17]

detection period: 2018-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 273

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Saturday, November 17, 2018

Botnet Statistics [2018-11-16]

detection period: 2018-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 2936
number of botnet IPs notified to network operators: 2650
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

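| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 112 |
| 2 | TELKOMNET | 63 |
| 3 | HINET-NET | 50 |
| 4 | CHINANET-GD | 48 |
| 5 | TencentCloud | 46 |
| 6 | VE-CSVE-LACNIC | 44 |
| 7 | AMAZON-2011L | 41 |
| 8 | 002.558.157/0001-62 | 38 |
| 9 | UNKNOWN | 35 |
| 10 | AT-88-Z | 33 |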

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

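| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 482 |
| 2 | United States | 335 |
| 3 | Viet Nam | 223 |
| 4 | Russian Federation | 194 |
| 5 | Brazil | 156 |
| 6 | Indonesia | 142 |
| 7 | India | 135 |
| 8 | Taiwan | 76 |
| 9 | United Kingdom | 76 |
| 10 | Mexico | 59 |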

Suspected Bot List [2018-11-16]

detection period: 2018-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 286

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Friday, November 16, 2018

Botnet Statistics [2018-11-15]

detection period: 2018-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 2944
number of botnet IPs notified to network operators: 2666
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

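| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 108 |
| 2 | TELKOMNET | 74 |
| 3 | VE-CSVE-LACNIC | 51 |
| 4 | CHINANET-GD | 50 |
| 5 | HINET-NET | 47 |
| 6 | 002.558.157/0001-62 | 44 |
| 7 | UNKNOWN | 36 |
| 8 | CHINANET-JS | 36 |
| 9 | TencentCloud | 35 |
| 10 | MX-USCV4-LACNIC | 32 |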

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

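| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 469 |
| 2 | United States | 335 |
| 3 | Viet Nam | 220 |
| 4 | Russian Federation | 206 |
| 5 | Indonesia | 148 |
| 6 | Brazil | 142 |
| 7 | India | 141 |
| 8 | Netherlands | 85 |
| 9 | France | 75 |
| 10 | United Kingdom | 73 |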

Suspected Bot List [2018-11-15]

detection period: 2018-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 278

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Thursday, November 15, 2018

Botnet Statistics [2018-11-14]

detection period: 2018-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 3129
number of botnet IPs notified to network operators: 2806
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

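| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 149 |
| 2 | TELKOMNET | 65 |
| 3 | VE-CSVE-LACNIC | 59 |
| 4 | CHINANET-GD | 49 |
| 5 | HINET-NET | 48 |
| 6 | UNKNOWN | 39 |
| 7 | DIGITALOCEAN-7 | 34 |
| 8 | VIETEL-VN | 33 |
| 9 | TencentCloud | 33 |
| 10 | MX-USCV4-LACNIC | 33 |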

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

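| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 487 |
| 2 | United States | 329 |
| 3 | Viet Nam | 277 |
| 4 | Russian Federation | 202 |
| 5 | Indonesia | 186 |
| 6 | Brazil | 168 |
| 7 | India | 145 |
| 8 | Taiwan | 79 |
| 9 | France | 71 |
| 10 | Venezuela | 69 |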

Suspected Bot List [2018-11-14]

detection period: 2018-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 323

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Wednesday, November 14, 2018

TCP port scan detection with HAProxy: Revised

I gained a better understanding of Debian and HAProxy after my previous post on detecting TCP port scans with HAProxy. Because the HAProxy package for Debian ships with its own logging setup, my own logging configuration is not really necessary. Here are the revised, shorter instructions:

  1. Install HAProxy.
    apt-get install haproxy
  2. Append the following lines to HAProxy's configuration at /etc/haproxy/haproxy.cfg. Please note that the "log" statement has changed.
    frontend fr_tcp
        log global
        mode tcp
        bind <IP address of your HAProxy server>:1-24
        bind <IP address of your HAProxy server>:26-79
        bind <IP address of your HAProxy server>:81-40000
        log-format %ci:%cp\ =>\ %[dst]:%[dst_port]\ [%t]\ %ft\ %b/%s\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq
        default_backend bk_tcp
    
    backend bk_tcp
        mode tcp
        server www-2 127.0.0.1:1028
    
  3. Restart rsyslog and haproxy.
    service rsyslog restart
    service haproxy restart

That's all you need to get HAProxy to detect TCP port scans. You should soon see TCP scan logs in /var/log/haproxy.log like the following:

2018-11-14T13:23:43.916980+00:00 vps542 haproxy[23849]: 20x.1yz.35.1xz:43908 => 18x.1yz.122.zy:22032 [14/Nov/2018:13:23:39.095] fr_tcp bk_tcp/www-2 1/0/4821 991 -- 2/2/2/2/0 0/0

It shows that a node at IP 20x.1yz.35.1xz tried to connect to TCP port 22032 of my VPS. Simple, huh?
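
To turn those log lines into a per-source view, the following added example (not part of the original post) parses the custom log-format from step 2 and reports sources that probed several distinct ports. The function names, the three-port threshold and the sample lines (documentation-range addresses) are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Message layout produced by the log-format line in step 2:
#   %ci:%cp => %[dst]:%[dst_port] [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts ...
LINE_RE = re.compile(
    r"haproxy\[\d+\]: "
    r"(?P<src>\S+):(?P<sport>\d+) => (?P<dst>\S+):(?P<dport>\d+) "
    r"\[(?P<ts>[^\]]+)\] (?P<frontend>\S+) (?P<backend>[^/\s]+)/(?P<server>\S+) "
    r"(?P<tw>-?\d+)/(?P<tc>-?\d+)/(?P<tt>-?\d+) (?P<bytes>\d+) (?P<state>\S+)"
)


def parse_line(line):
    """Return the fields of one scan log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    try:
        # Reject lines whose addresses are not real IPs (e.g. masked ones).
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S.%f")
    except ValueError:
        return None
    return {
        "src": str(src), "src_port": int(m["sport"]),
        "dst": str(dst), "dst_port": int(m["dport"]),
        "time": when, "frontend": m["frontend"],
        "duration_ms": int(m["tt"]), "bytes": int(m["bytes"]),
        "state": m["state"],
    }


def find_scanners(lines, frontend="fr_tcp", min_ports=3):
    """Map each source IP to the sorted distinct ports it touched,
    keeping only sources that reached at least min_ports ports
    (the threshold is an assumption, tune it to your traffic)."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["frontend"] != frontend:
            continue
        ports_by_src[rec["src"]].add(rec["dst_port"])
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_ports}


# Constructed sample lines in the format shown above (not real traffic).
PREFIX = "2018-11-14T13:23:43.916980+00:00 vps-example haproxy[23849]: "
TAIL = " fr_tcp bk_tcp/www-2 1/0/4821 991 -- 2/2/2/2/0 0/0"
SAMPLE_LOG = [
    PREFIX + "203.0.113.7:43908 => 192.0.2.10:22032 [14/Nov/2018:13:23:39.095]" + TAIL,
    PREFIX + "203.0.113.7:43910 => 192.0.2.10:23 [14/Nov/2018:13:23:40.101]" + TAIL,
    PREFIX + "203.0.113.7:43912 => 192.0.2.10:8080 [14/Nov/2018:13:23:41.300]" + TAIL,
    PREFIX + "203.0.113.7:43914 => 192.0.2.10:23 [14/Nov/2018:13:23:42.007]" + TAIL,
    PREFIX + "198.51.100.20:51000 => 192.0.2.10:3389 [14/Nov/2018:13:25:02.550]" + TAIL,
    "2018-11-14T13:26:00+00:00 vps-example haproxy[23849]: Proxy fr_tcp started.",
]

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} distinct ports: {ports}")
```

A single connection to one port, such as the 198.51.100.20 line, stays below the threshold and is not reported.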

Botnet Statistics [2018-11-13]

detection period: 2018-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 2751
number of botnet IPs notified to network operators: 2370
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

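| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 134 |
| 2 | UNKNOWN | 123 |
| 3 | TELKOMNET | 69 |
| 4 | HINET-NET | 49 |
| 5 | CMNET | 36 |
| 6 | VE-CSVE-LACNIC | 34 |
| 7 | MX-USCV4-LACNIC | 33 |
| 8 | CHINANET-GD | 33 |
| 9 | VIETEL-VNNIC-VN | 31 |
| 10 | 002.558.157/0001-62 | 31 |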

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

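| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 389 |
| 2 | United States | 258 |
| 3 | Viet Nam | 253 |
| 4 | Russian Federation | 209 |
| 5 | Brazil | 155 |
| 6 | Indonesia | 150 |
| 7 | India | 146 |
| 8 | Taiwan | 77 |
| 9 | France | 69 |
| 10 | Mexico | 61 |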

Suspected Bot List [2018-11-13]

detection period: 2018-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 383

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Tuesday, November 13, 2018

Botnet Statistics [2018-11-12]

detection period: 2018-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 3029
number of botnet IPs notified to network operators: 2672
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

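| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNKNOWN | 126 |
| 2 | VNPT-VNNIC-VN | 106 |
| 3 | DIGITALOCEAN-8 | 60 |
| 4 | TELKOMNET | 57 |
| 5 | CHINANET-GD | 54 |
| 6 | HINET-NET | 51 |
| 7 | VE-CSVE-LACNIC | 43 |
| 8 | CMNET | 40 |
| 9 | CHINANET-JS | 40 |
| 10 | 002.558.157/0001-62 | 28 |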

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

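| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 564 |
| 2 | United States | 319 |
| 3 | Russian Federation | 213 |
| 4 | Viet Nam | 212 |
| 5 | Brazil | 162 |
| 6 | Indonesia | 145 |
| 7 | India | 143 |
| 8 | Taiwan | 78 |
| 9 | France | 72 |
| 10 | Thailand | 61 |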

Suspected Bot List [2018-11-12]

detection period: 2018-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 360

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Monday, November 12, 2018

Botnet Statistics [2018-11-11]

detection period: 2018-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 2535
number of botnet IPs notified to network operators: 2270
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

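| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNKNOWN | 73 |
| 2 | VNPT-VNNIC-VN | 59 |
| 3 | CHINANET-GD | 47 |
| 4 | VE-CSVE-LACNIC | 39 |
| 5 | HINET-NET | 39 |
| 6 | CHINANET-JS | 36 |
| 7 | TELKOMNET | 34 |
| 8 | DIGITALOCEAN-8 | 32 |
| 9 | TencentCloud | 31 |
| 10 | 002.558.157/0001-62 | 29 |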

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

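| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 455 |
| 2 | United States | 316 |
| 3 | Russian Federation | 206 |
| 4 | Brazil | 143 |
| 5 | Viet Nam | 134 |
| 6 | Indonesia | 92 |
| 7 | India | 84 |
| 8 | France | 78 |
| 9 | Taiwan | 65 |
| 10 | United Kingdom | 65 |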

Suspected Bot List [2018-11-11]

detection period: 2018-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 265

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Sunday, November 11, 2018

Botnet Statistics [2018-11-10]

detection period: 2018-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 1981
number of botnet IPs notified to network operators: 1735
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

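| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | UNKNOWN | 74 |
| 2 | VNPT-VNNIC-VN | 60 |
| 3 | HINET-NET | 35 |
| 4 | CHINANET-GD | 35 |
| 5 | DIGITALOCEAN-8 | 34 |
| 6 | CHINANET-JS | 33 |
| 7 | VE-CSVE-LACNIC | 30 |
| 8 | TELKOMNET | 28 |
| 9 | TencentCloud | 25 |
| 10 | LogicWeb-Inc | 23 |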

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

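| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 364 |
| 2 | United States | 250 |
| 3 | Russian Federation | 133 |
| 4 | Brazil | 110 |
| 5 | Viet Nam | 98 |
| 6 | France | 72 |
| 7 | Indonesia | 71 |
| 8 | India | 67 |
| 9 | Taiwan | 58 |
| 10 | Turkey | 41 |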

Suspected Bot List [2018-11-10]

detection period: 2018-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 246

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Saturday, November 10, 2018

Botnet Statistics [2018-11-09]

detection period: 2018-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 2270
number of botnet IPs notified to network operators: 1967
number of spam blocked: 1069
recipient count of spam blocked: 31983

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

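| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 81 |
| 2 | CMPak-KHI-IGW | 73 |
| 3 | UNKNOWN | 68 |
| 4 | DIGITALOCEAN-8 | 51 |
| 5 | TELKOMNET | 38 |
| 6 | LogicWeb-Inc | 36 |
| 7 | CHINANET-GD | 35 |
| 8 | MX-USCV4-LACNIC | 32 |
| 9 | VE-CSVE-LACNIC | 31 |
| 10 | HINET-NET | 31 |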

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

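| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 357 |
| 2 | United States | 264 |
| 3 | Viet Nam | 153 |
| 4 | Russian Federation | 146 |
| 5 | Brazil | 113 |
| 6 | India | 100 |
| 7 | Pakistan | 93 |
| 8 | Indonesia | 87 |
| 9 | Mexico | 52 |
| 10 | Turkey | 51 |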

Suspected Bot List [2018-11-09]

detection period: 2018-11-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 303

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Friday, November 9, 2018

Botnet Statistics [2018-11-08]

detection period: 2018-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 2858
number of botnet IPs notified to network operators: 2605
number of spam blocked: 3892
recipient count of spam blocked: 116731

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

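| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 133 |
| 2 | TELKOMNET | 63 |
| 3 | VE-CSVE-LACNIC | 54 |
| 4 | HINET-NET | 52 |
| 5 | CMPak-KHI-IGW | 41 |
| 6 | CHINANET-GD | 39 |
| 7 | TencentCloud | 36 |
| 8 | DIGITALOCEAN-8 | 35 |
| 9 | VIETEL-VNNIC-VN | 32 |
| 10 | CHINANET-JS | 30 |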

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

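| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 445 |
| 2 | United States | 300 |
| 3 | Viet Nam | 259 |
| 4 | Russian Federation | 212 |
| 5 | Indonesia | 157 |
| 6 | Brazil | 139 |
| 7 | India | 114 |
| 8 | France | 91 |
| 9 | Taiwan | 70 |
| 10 | Venezuela | 62 |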

Suspected Bot List [2018-11-08]

detection period: 2018-11-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 253

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Thursday, November 8, 2018

Botnet Statistics [2018-11-07]

detection period: 2018-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 2381
number of botnet IPs notified to network operators: 2124
number of spam blocked: 90
recipient count of spam blocked: 2671

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

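| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 69 |
| 2 | CMPak-KHI-IGW | 53 |
| 3 | TELKOMNET | 44 |
| 4 | AMAZON-2011L | 44 |
| 5 | VE-CSVE-LACNIC | 41 |
| 6 | MX-USCV4-LACNIC | 35 |
| 7 | AT-88-Z | 35 |
| 8 | HINET-NET | 34 |
| 9 | DIGITALOCEAN-8 | 31 |
| 10 | CHINANET-GD | 30 |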

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

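| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 369 |
| 2 | United States | 319 |
| 3 | Viet Nam | 145 |
| 4 | Russian Federation | 144 |
| 5 | Brazil | 120 |
| 6 | Indonesia | 103 |
| 7 | Pakistan | 82 |
| 8 | India | 69 |
| 9 | France | 59 |
| 10 | Mexico | 56 |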

Suspected Bot List [2018-11-07]

detection period: 2018-11-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 257

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
| --- | --- | --- |

List from greylisting:

Wednesday, November 7, 2018

Botnet Statistics [2018-11-06]

detection period: 2018-11-06 00:00-23:59 UTC
total number of suspected botnet IPs: 2438
number of botnet IPs notified to network operators: 2214
number of spam blocked: 40
recipient count of spam blocked: 1142

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

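| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | VNPT-VNNIC-VN | 79 |
| 2 | CMPak-KHI-IGW | 50 |
| 3 | TELKOMNET | 45 |
| 4 | DIGITALOCEAN-8 | 43 |
| 5 | CHINANET-GD | 39 |
| 6 | HINET-NET | 34 |
| 7 | CMNET | 32 |
| 8 | VE-CSVE-LACNIC | 31 |
| 9 | 002.558.157/0001-62 | 30 |
| 10 | LogicWeb-Inc | 28 |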

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

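| Rank | Country | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 397 |
| 2 | United States | 256 |
| 3 | Russian Federation | 162 |
| 4 | Viet Nam | 158 |
| 5 | Brazil | 125 |
| 6 | Indonesia | 107 |
| 7 | India | 93 |
| 8 | France | 80 |
| 9 | Pakistan | 70 |
| 10 | Netherlands | 69 |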

Suspected Bot List [2018-11-06]

detection period: 2018-11-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 224

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

Tuesday, November 6, 2018

Botnet Statistics [2018-11-05]

detection period: 2018-11-05 00:00-23:59 UTC
total number of suspected botnet IPs: 2214
number of botnet IPs notified to network operators: 2008
number of spam blocked: 12300
recipient count of spam blocked: 66747

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

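| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | VNPT-VNNIC-VN | 68 |
| 2 | CMPak-KHI-IGW | 51 |
| 3 | TELKOMNET | 37 |
| 4 | CHINANET-GD | 34 |
| 5 | HINET-NET | 33 |
| 6 | KORNET-KR | 31 |
| 7 | VE-CSVE-LACNIC | 29 |
| 8 | CHINANET-JS | 29 |
| 9 | CMNET | 26 |
| 10 | 002.558.157/0001-62 | 24 |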

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

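| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 387 |
| 2 | United States | 230 |
| 3 | Russian Federation | 141 |
| 4 | Viet Nam | 139 |
| 5 | India | 105 |
| 6 | Brazil | 105 |
| 7 | Indonesia | 78 |
| 8 | France | 76 |
| 9 | Pakistan | 61 |
| 10 | United Kingdom | 53 |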

Suspected Bot List [2018-11-05]

detection period: 2018-11-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 206

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

Monday, November 5, 2018

Suspected Bots' IP List for October 2018

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2018-10-01]
Suspected Bots IP [2018-10-02]
Suspected Bots IP [2018-10-03]
Suspected Bots IP [2018-10-04]
Suspected Bots IP [2018-10-05]
Suspected Bots IP [2018-10-06]
Suspected Bots IP [2018-10-07]
Suspected Bots IP [2018-10-08]
Suspected Bots IP [2018-10-09]
Suspected Bots IP [2018-10-10]
Suspected Bots IP [2018-10-11]
Suspected Bots IP [2018-10-12]
Suspected Bots IP [2018-10-13]
Suspected Bots IP [2018-10-14]
Suspected Bots IP [2018-10-15]
Suspected Bots IP [2018-10-16]
Suspected Bots IP [2018-10-17]
Suspected Bots IP [2018-10-18]
Suspected Bots IP [2018-10-19]
Suspected Bots IP [2018-10-20]
Suspected Bots IP [2018-10-21]
Suspected Bots IP [2018-10-22]
Suspected Bots IP [2018-10-23]
Suspected Bots IP [2018-10-24]
Suspected Bots IP [2018-10-25]
Suspected Bots IP [2018-10-26]
Suspected Bots IP [2018-10-27]
Suspected Bots IP [2018-10-28]
Suspected Bots IP [2018-10-29]
Suspected Bots IP [2018-10-30]
Suspected Bots IP [2018-10-31]

Suspected Bots' IP List for September 2018

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2018-09-01]
Suspected Bots IP [2018-09-02]
Suspected Bots IP [2018-09-03]
Suspected Bots IP [2018-09-04]
Suspected Bots IP [2018-09-05]
Suspected Bots IP [2018-09-06]
Suspected Bots IP [2018-09-07]
Suspected Bots IP [2018-09-08]
Suspected Bots IP [2018-09-09]
Suspected Bots IP [2018-09-10]
Suspected Bots IP [2018-09-11]
Suspected Bots IP [2018-09-12]
Suspected Bots IP [2018-09-13]
Suspected Bots IP [2018-09-14]
Suspected Bots IP [2018-09-15]
Suspected Bots IP [2018-09-16]
Suspected Bots IP [2018-09-17]
Suspected Bots IP [2018-09-18]
Suspected Bots IP [2018-09-19]
Suspected Bots IP [2018-09-20]
Suspected Bots IP [2018-09-21]
Suspected Bots IP [2018-09-22]
Suspected Bots IP [2018-09-23]
Suspected Bots IP [2018-09-24]
Suspected Bots IP [2018-09-25]
Suspected Bots IP [2018-09-26]
Suspected Bots IP [2018-09-27]
Suspected Bots IP [2018-09-28]
Suspected Bots IP [2018-09-29]
Suspected Bots IP [2018-09-30]

Botnet Statistics for October 2018

detection period: 2018-10-01 00:00 - 2018-10-31 23:59 UTC
total number of suspected botnet IPs: 30662
number of blocked spams: 184030
recipient count of blocked spams: 5086189

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

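| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6165 |
| 2 | United States | 3657 |
| 3 | Russian Federation | 1882 |
| 4 | Brazil | 1752 |
| 5 | Viet Nam | 1598 |
| 6 | Indonesia | 1465 |
| 7 | India | 1084 |
| 8 | Taiwan | 1036 |
| 9 | South Korea | 646 |
| 10 | Hong Kong | 572 |
| 11 | Turkey | 563 |
| 12 | France | 553 |
| 13 | Ukraine | 491 |
| 14 | Thailand | 473 |
| 15 | Italy | 426 |
| 16 | Mexico | 401 |
| 17 | Venezuela | 384 |
| 18 | Germany | 373 |
| 19 | United Kingdom | 364 |
| 20 | Iran | 360 |
| 21 | Netherlands | 343 |
| 22 | Sweden | 303 |
| 23 | Canada | 300 |
| 24 | Egypt | 240 |
| 25 | Colombia | 230 |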

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

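| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 147425 |
| 2 | South Korea | 12449 |
| 3 | Spain | 12167 |
| 4 | Netherlands | 5067 |
| 5 | Colombia | 4486 |
| 6 | Canada | 1311 |
| 7 | United States | 636 |
| 8 | France | 226 |
| 9 | India | 76 |
| 10 | ZZ | 26 |
| 11 | Viet Nam | 21 |
| 12 | Indonesia | 15 |
| 13 | Germany | 9 |
| 14 | Bangladesh | 8 |
| 15 | Romania | 7 |
| 16 | Tunisia | 6 |
| 17 | Portugal | 6 |
| 18 | Brazil | 6 |
| 19 | Taiwan | 5 |
| 20 | Mexico | 5 |
| 21 | United Kingdom | 5 |
| 22 | Turkey | 4 |
| 23 | Philippines | 4 |
| 24 | Italy | 4 |
| 25 | Poland | 3 |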

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics for September 2018

detection period: 2018-09-01 00:00 - 2018-09-30 23:59 UTC
total number of suspected botnet IPs: 21714
number of blocked spams: 200946
recipient count of blocked spams: 5988768

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

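| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 4494 |
| 2 | United States | 2428 |
| 3 | Russian Federation | 1318 |
| 4 | Brazil | 1236 |
| 5 | Viet Nam | 1136 |
| 6 | Indonesia | 918 |
| 7 | India | 843 |
| 8 | Taiwan | 723 |
| 9 | France | 456 |
| 10 | South Korea | 450 |
| 11 | Thailand | 396 |
| 12 | Turkey | 391 |
| 13 | Ukraine | 363 |
| 14 | Italy | 343 |
| 15 | Hong Kong | 305 |
| 16 | United Kingdom | 278 |
| 17 | Mexico | 269 |
| 18 | Netherlands | 266 |
| 19 | Germany | 261 |
| 20 | Venezuela | 259 |
| 21 | Iran | 230 |
| 22 | Egypt | 216 |
| 23 | Canada | 216 |
| 24 | Colombia | 184 |
| 25 | South Africa | 174 |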

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

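| Rank | Country | # of blocked spams |
|---|---|---|
| 1 | China | 144897 |
| 2 | South Korea | 19561 |
| 3 | United States | 11091 |
| 4 | Colombia | 8564 |
| 5 | Spain | 6817 |
| 6 | Argentina | 4465 |
| 7 | Russian Federation | 2506 |
| 8 | United Kingdom | 2135 |
| 9 | Poland | 335 |
| 10 | Estonia | 298 |
| 11 | India | 58 |
| 12 | ZZ | 28 |
| 13 | Pakistan | 22 |
| 14 | Brazil | 15 |
| 15 | France | 13 |
| 16 | Viet Nam | 10 |
| 17 | Netherlands | 8 |
| 18 | Italy | 8 |
| 19 | Indonesia | 6 |
| 20 | Portugal | 5 |
| 21 | Nigeria | 5 |
| 22 | Iraq | 5 |
| 23 | Tunisia | 4 |
| 24 | Iran | 4 |
| 25 | Canada | 4 |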

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2018-11-04]

detection period: 2018-11-04 00:00-23:59 UTC
total number of suspected botnet IPs: 1942
number of botnet IPs notified to network operators: 1774
number of spam blocked: 8885
recipient count of spam blocked: 129146

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

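| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CMPak-KHI-IGW | 61 |
| 2 | DIGITALOCEAN-8 | 45 |
| 3 | CHINANET-GD | 36 |
| 4 | HINET-NET | 34 |
| 5 | CHINANET-JS | 31 |
| 6 | VNPT-VNNIC-VN | 28 |
| 7 | VE-CSVE-LACNIC | 25 |
| 8 | UNKNOWN | 23 |
| 9 | CMNET | 23 |
| 10 | 002.558.157/0001-62 | 23 |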

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

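| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 366 |
| 2 | United States | 232 |
| 3 | Russian Federation | 129 |
| 4 | Brazil | 96 |
| 5 | India | 76 |
| 6 | Viet Nam | 75 |
| 7 | Pakistan | 69 |
| 8 | France | 62 |
| 9 | Taiwan | 58 |
| 10 | Indonesia | 56 |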

Suspected Bot List [2018-11-04]

detection period: 2018-11-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 168

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

Sunday, November 4, 2018

Botnet Statistics [2018-11-03]

detection period: 2018-11-03 00:00-23:59 UTC
total number of suspected botnet IPs: 1895
number of botnet IPs notified to network operators: 1708
number of spam blocked: 3921
recipient count of spam blocked: 117630

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

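| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | CMPak-KHI-IGW | 54 |
| 2 | DIGITALOCEAN-8 | 52 |
| 3 | VNPT-VNNIC-VN | 47 |
| 4 | HINET-NET | 44 |
| 5 | TELKOMNET | 30 |
| 6 | CHINANET-GD | 28 |
| 7 | CMNET | 24 |
| 8 | VE-CSVE-LACNIC | 22 |
| 9 | WHG-NETWORKS | 21 |
| 10 | TencentCloud | 20 |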

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

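| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 327 |
| 2 | United States | 224 |
| 3 | Russian Federation | 128 |
| 4 | Viet Nam | 100 |
| 5 | India | 74 |
| 6 | Indonesia | 73 |
| 7 | Brazil | 68 |
| 8 | Pakistan | 65 |
| 9 | Taiwan | 58 |
| 10 | France | 51 |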

Suspected Bot List [2018-11-03]

detection period: 2018-11-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 187

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

Saturday, November 3, 2018

Botnet Statistics [2018-11-02]

detection period: 2018-11-02 00:00-23:59 UTC
total number of suspected botnet IPs: 1887
number of botnet IPs notified to network operators: 1709
number of spam blocked: 4188
recipient count of spam blocked: 125640

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

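| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | VNPT-VNNIC-VN | 58 |
| 2 | DIGITALOCEAN-8 | 41 |
| 3 | HINET-NET | 32 |
| 4 | CMPak-KHI-IGW | 30 |
| 5 | TELKOMNET | 28 |
| 6 | AMAZON-2011L | 28 |
| 7 | VE-CSVE-LACNIC | 25 |
| 8 | TencentCloud | 25 |
| 9 | AT-88-Z | 22 |
| 10 | WHG-NETWORKS | 21 |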

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

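| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 332 |
| 2 | United States | 247 |
| 3 | Russian Federation | 129 |
| 4 | Viet Nam | 123 |
| 5 | India | 99 |
| 6 | Indonesia | 83 |
| 7 | Brazil | 75 |
| 8 | United Kingdom | 47 |
| 9 | Taiwan | 46 |
| 10 | France | 44 |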

Suspected Bot List [2018-11-02]

detection period: 2018-11-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 178

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

Friday, November 2, 2018

Botnet Statistics [2018-11-01]

detection period: 2018-11-01 00:00-23:59 UTC
total number of suspected botnet IPs: 1921
number of botnet IPs notified to network operators: 1775
number of spam blocked: 2999
recipient count of spam blocked: 89865

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

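| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | VNPT-VNNIC-VN | 54 |
| 2 | CHINANET-JS | 38 |
| 3 | CHINANET-GD | 38 |
| 4 | HINET-NET | 35 |
| 5 | DIGITALOCEAN-8 | 33 |
| 6 | CMPak-KHI-IGW | 32 |
| 7 | AT-88-Z | 29 |
| 8 | CMNET | 25 |
| 9 | TencentCloud | 24 |
| 10 | AMAZON-2011L | 24 |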

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

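| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 400 |
| 2 | United States | 262 |
| 3 | Viet Nam | 117 |
| 4 | Russian Federation | 117 |
| 5 | Brazil | 88 |
| 6 | India | 82 |
| 7 | Taiwan | 54 |
| 8 | Indonesia | 48 |
| 9 | United Kingdom | 45 |
| 10 | France | 45 |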

Suspected Bot List [2018-11-01]

detection period: 2018-11-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 146

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

Thursday, November 1, 2018

Botnet Statistics [2018-10-31]

detection period: 2018-10-31 00:00-23:59 UTC
total number of suspected botnet IPs: 1672
number of botnet IPs notified to network operators: 1514
number of spam blocked: 4787
recipient count of spam blocked: 143494

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

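| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | DIGITALOCEAN-8 | 38 |
| 2 | VNPT-VNNIC-VN | 35 |
| 3 | HINET-NET | 34 |
| 4 | CHINANET-JS | 32 |
| 5 | CHINANET-GD | 28 |
| 6 | 002.558.157/0001-62 | 27 |
| 7 | CMNET | 25 |
| 8 | TELKOMNET | 24 |
| 9 | TencentCloud | 20 |
| 10 | LogicWeb-Inc | 19 |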

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

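| Rank | Country | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 344 |
| 2 | United States | 221 |
| 3 | Russian Federation | 92 |
| 4 | Brazil | 90 |
| 5 | Viet Nam | 66 |
| 6 | Taiwan | 54 |
| 7 | Indonesia | 54 |
| 8 | India | 50 |
| 9 | South Korea | 43 |
| 10 | Netherlands | 40 |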