Custom Search

Monday, April 23, 2018

Botnet Statistics for March 2018

detection period: 2018-03-01 00:00 - 2018-03-31 23:59 UTC
total number of suspected botnet IPs: 1273
number of blocked spams: 1005516
recipient count of blocked spams: 26718540

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China251
2United States167
3South Korea139
4Viet Nam80
5France60
6Russian Federation40
7India39
8Brazil39
9Egypt26
10Germany26
11Indonesia25
12United Kingdom25
13Italy21
14Taiwan20
15Netherlands20
16Canada17
17Australia15
18Japan13
19Spain13
20Hong Kong11
21Argentina11
22Singapore10
23Ukraine9
24Thailand9
25Nigeria9

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China562224
2Czech Republic123991
3United States59945
4Venezuela58679
5Hong Kong54595
6Netherlands48164
7Brazil40364
8United Kingdom17635
9Ireland12149
10Seychelles4735
11Poland4587
12Tunisia4256
13Hungary3914
14Sweden2348
15Italy1663
16South Korea1636
17India1156
18ZZ1121
19France749
20Colombia465
21Pakistan183
22Egypt128
23Belgium103
24Saudi Arabia94
25Viet Nam82

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2018-04-22]

detection period: 2018-04-22 00:00-23:59 UTC
total number of suspected botnet IPs: 91
number of botnet IPs notified to network operators: 90
number of spam blocked: 23075
recipient count of spam blocked: 701705

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud4
2UNITEDPROTECTION-NET3
3CHINANET-ZJ3
4NETVIGATOR2
5KORNET-KR2
6HOSTWAY-052
7DXTNET2
8CHINANET-JX2
9CHINANET-JS2
10CHINANET-GD2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China28
2United States17
3Russian Federation6
4France5
5Viet Nam3
6South Korea3
7Brazil3
8Singapore2
9Hong Kong2
10United Kingdom2

Suspected Bot List [2018-04-22]

detection period: 2018-04-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting: