Custom Search

Monday, September 25, 2017

Botnet Statistics [2017-09-24]

detection period: 2017-09-24 00:00-23:59 UTC
total number of suspected botnet IPs: 105
number of botnet IPs notified to network operators: 99
number of spam blocked: 3820
recipient count of spam blocked: 50811

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu51
2CHINANET-JS9
3CHINANET-FJ9
4CHINANET-GD5
5LSN-DLLSTX-23
6ALISOFT3
7IT-TECHNORAIL-200808142
8CMNET2
9CHINANET-HB2
10origo-com-tr-229491

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China87
2Russian Federation5
3United States4
4Italy3
5Turkey1
6Tunisia1
7Mexico1
8South Korea1
9Iran1
10United Kingdom1

Suspected Bot List [2017-09-24]

detection period: 2017-09-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, September 24, 2017

Botnet Statistics [2017-09-23]

detection period: 2017-09-23 00:00-23:59 UTC
total number of suspected botnet IPs: 184
number of botnet IPs notified to network operators: 180
number of spam blocked: 8350
recipient count of spam blocked: 56123

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu51
2CHINANET-GD48
3CHINANET-JS18
4CHINANET-FJ8
5CHINANET-HB5
6CHINANET-ZJ4
7IT-TECHNORAIL-200808143
8HOSTWINDS-19-13
9CMNET3
10CHINANET-ZJ-NB3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China157
2United States8
3Italy4
4Russian Federation2
5South Korea2
6Viet Nam1
7Turkey1
8Tunisia1
9Malaysia1
10Mexico1

Suspected Bot List [2017-09-23]

detection period: 2017-09-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, September 23, 2017

Botnet Statistics [2017-09-22]

detection period: 2017-09-22 00:00-23:59 UTC
total number of suspected botnet IPs: 216
number of botnet IPs notified to network operators: 207
number of spam blocked: 16773
recipient count of spam blocked: 30344

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-GD39
3CHINANET-FJ14
4WASU11
5CHINANET-JS7
6RO-SCCH-CENTER-185-123-220-0-236
7HOSTWINDS-19-16
8ALISOFT6
9VNPT-VNNIC-VN5
10CMNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China154
2United States10
3India8
4Viet Nam7
5Romania6
6Russian Federation5
7Italy4
8South Korea3
9Brazil3
10Iran2

Suspected Bot List [2017-09-22]

detection period: 2017-09-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, September 22, 2017

Botnet Statistics [2017-09-21]

detection period: 2017-09-21 00:00-23:59 UTC
total number of suspected botnet IPs: 319
number of botnet IPs notified to network operators: 297
number of spam blocked: 25448
recipient count of spam blocked: 72756

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2WASU50
3CMNET49
4CHINANET-GD21
5CHINANET-FJ10
6Turkbil-internet-hizmetleri9
7CHINANET-JS8
8VNPT-VNNIC-VN5
9UNIFIEDLAYER-NETWORK-145
10ALISOFT5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China224
2United States16
3Turkey11
4Viet Nam9
5Italy6
6Indonesia6
7Taiwan3
8Mexico3
9France3
10Thailand2

Suspected Bot List [2017-09-21]

detection period: 2017-09-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 22

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
LK122.255.31.42Sri Lanka
RU80.254.115.87Russian Federation
TH61.7.236.60Thailand
TH122.154.239.123Thailand

List from greylisting:

Thursday, September 21, 2017

Botnet Statistics [2017-09-20]

detection period: 2017-09-20 00:00-23:59 UTC
total number of suspected botnet IPs: 355
number of botnet IPs notified to network operators: 322
number of spam blocked: 24285
recipient count of spam blocked: 96271

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2WASU47
3CMNET41
4CHINANET-JS29
5VNPT-VNNIC-VN13
6CHINANET-FJ7
7BHARTI-IN7
8UNIFIEDLAYER-NETWORK-136
9CHINANET-GD6
10UNIFIEDLAYER-NETWORK-145

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China221
2United States21
3India16
4Viet Nam14
5South Korea9
6Italy6
7Turkey5
8Mexico5
9Indonesia5
10Spain4

Suspected Bot List [2017-09-20]

detection period: 2017-09-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 33

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BW168.167.251.213Botswana
TH182.53.243.228Thailand

List from greylisting:

Wednesday, September 20, 2017

Botnet Statistics [2017-09-19]

detection period: 2017-09-19 00:00-23:59 UTC
total number of suspected botnet IPs: 339
number of botnet IPs notified to network operators: 320
number of spam blocked: 17766
recipient count of spam blocked: 96678

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET74
2Baidu52
3WASU30
4VNPT-VNNIC-VN15
5CHINANET-FJ14
6Turkbil-internet-hizmetleri11
7CHINANET-JS10
8CHINANET-GD10
9UNIFIEDLAYER-NETWORK-147
10LGTELECOM-KR5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China225
2United States21
3Viet Nam20
4Turkey13
5India9
6South Korea6
7Mexico5
8Brazil5
9Italy3
10Singapore2

Suspected Bot List [2017-09-19]

detection period: 2017-09-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 19

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, September 19, 2017

Botnet Statistics [2017-09-18]

detection period: 2017-09-18 00:00-23:59 UTC
total number of suspected botnet IPs: 287
number of botnet IPs notified to network operators: 278
number of spam blocked: 16097
recipient count of spam blocked: 71844

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2WASU42
3CMNET32
4CHINANET-SD10
5CHINANET-GD9
6HICHINA8
7CHINANET-JS8
8ALISOFT8
9CHINANET-ZJ-NB5
10UNIFIEDLAYER-NETWORK-144

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China213
2United States16
3Mexico5
4Colombia5
5Taiwan4
6Italy4
7Japan3
8Indonesia3
9Chile3
10Bolivia3

Suspected Bot List [2017-09-18]

detection period: 2017-09-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 9

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
CA167.114.7.103Canada
TH61.7.236.60Thailand
TH125.26.207.22Thailand

List from greylisting:

Monday, September 18, 2017

Botnet Statistics [2017-09-17]

detection period: 2017-09-17 00:00-23:59 UTC
total number of suspected botnet IPs: 151
number of botnet IPs notified to network operators: 147
number of spam blocked: 4124
recipient count of spam blocked: 29408

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2MSFT14
3CHINANET-FJ11
4CHINANET-GD9
5CHINANET-JS8
6CMNET7
7HICHINA6
8CHINANET-SD6
9ALISOFT5
10CHINANET-AH3

The top 8 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China122
2United States17
3Russian Federation4
4Japan3
5Italy2
6Tunisia1
7Hong Kong1
8France1

Suspected Bot List [2017-09-17]

detection period: 2017-09-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, September 17, 2017

Botnet Statistics [2017-09-16]

detection period: 2017-09-16 00:00-23:59 UTC
total number of suspected botnet IPs: 123
number of botnet IPs notified to network operators: 119
number of spam blocked: 6939
recipient count of spam blocked: 8409

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-FJ13
3CHINANET-JS5
4CMNET4
5CHINANET-GD4
6UNIFIEDLAYER-NETWORK-133
7HICHINA3
8CHINANET-SN3
9UNIFIEDLAYER-NETWORK-142
10UNICOM-HA2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China100
2United States10
3Russian Federation3
4Japan3
5Viet Nam1
6Tunisia1
7Netherlands1
8Indonesia1
9France1
10Germany1

Suspected Bot List [2017-09-16]

detection period: 2017-09-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, September 16, 2017

Botnet Statistics [2017-09-15]

detection period: 2017-09-15 00:00-23:59 UTC
total number of suspected botnet IPs: 173
number of botnet IPs notified to network operators: 172
number of spam blocked: 16068
recipient count of spam blocked: 25378

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2WASU33
3CHINANET-JS15
4UNIFIEDLAYER-NETWORK-138
5CHINANET-SD8
6CHINANET-FJ7
7CHINANET-GD6
8UNIFIEDLAYER-NETWORK-144
9CHINANET-JX4
10CMNET3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China146
2United States17
3Japan2
4Hong Kong2
5Taiwan1
6Tunisia1
7Singapore1
8Russian Federation1
9France1
10Canada1

Suspected Bot List [2017-09-15]

detection period: 2017-09-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, September 15, 2017

Botnet Statistics [2017-09-14]

detection period: 2017-09-14 00:00-23:59 UTC
total number of suspected botnet IPs: 334
number of botnet IPs notified to network operators: 324
number of spam blocked: 6626
recipient count of spam blocked: 50086

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU84
2CMNET65
3Baidu52
4CHINANET-FJ12
5CHINANET-JX9
6CHINANET-SD7
7CHINANET-JS6
8HICHINA5
9CHINANET-GD5
10CHINANET-ZJ-ZX4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China277
2India8
3United States6
4Viet Nam5
5Brazil5
6Iran3
7Bulgaria3
8Taiwan2
9Tunisia2
10Nigeria2

Suspected Bot List [2017-09-14]

detection period: 2017-09-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, September 14, 2017

Botnet Statistics [2017-09-13]

detection period: 2017-09-13 00:00-23:59 UTC
total number of suspected botnet IPs: 572
number of botnet IPs notified to network operators: 548
number of spam blocked: 20837
recipient count of spam blocked: 125573

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1MSFT233
2WASU78
3Baidu52
4CMNET50
5CHINANET-JS14
6CHINANET-FJ14
7ALISOFT12
8UNIFIEDLAYER-NETWORK-147
9CHINANET-SD7
10CHINANET-HB7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China287
2United States250
3Taiwan7
4Thailand3
5Japan3
6Bulgaria3
7Tunisia2
8Chile2
9Brazil2
10Viet Nam1

Suspected Bot List [2017-09-13]

detection period: 2017-09-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 24

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO200.7.160.167Bolivia
TH61.7.236.60Thailand
TH125.26.207.22Thailand
TW123.194.224.234Taiwan
UY179.25.182.47Uruguay

List from greylisting:

Wednesday, September 13, 2017

Suspected Bots' IP List for August 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-08-01]
Suspected Bots IP [2017-08-02]
Suspected Bots IP [2017-08-03]
Suspected Bots IP [2017-08-04]
Suspected Bots IP [2017-08-05]
Suspected Bots IP [2017-08-06]
Suspected Bots IP [2017-08-07]
Suspected Bots IP [2017-08-08]
Suspected Bots IP [2017-08-09]
Suspected Bots IP [2017-08-10]
Suspected Bots IP [2017-08-11]
Suspected Bots IP [2017-08-12]
Suspected Bots IP [2017-08-13]
Suspected Bots IP [2017-08-14]
Suspected Bots IP [2017-08-15]
Suspected Bots IP [2017-08-16]
Suspected Bots IP [2017-08-17]
Suspected Bots IP [2017-08-18]
Suspected Bots IP [2017-08-19]
Suspected Bots IP [2017-08-20]
Suspected Bots IP [2017-08-21]
Suspected Bots IP [2017-08-22]
Suspected Bots IP [2017-08-23]
Suspected Bots IP [2017-08-24]
Suspected Bots IP [2017-08-25]
Suspected Bots IP [2017-08-26]
Suspected Bots IP [2017-08-27]
Suspected Bots IP [2017-08-28]
Suspected Bots IP [2017-08-29]
Suspected Bots IP [2017-08-30]
Suspected Bots IP [2017-08-31]

Botnet Statistics [2017-09-12]

detection period: 2017-09-12 00:00-23:59 UTC
total number of suspected botnet IPs: 379
number of botnet IPs notified to network operators: 369
number of spam blocked: 19591
recipient count of spam blocked: 19620

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET82
2MSFT59
3Baidu52
4WASU40
5CHINANET-FJ12
6CHINANET-JS11
7IINET-AU8
8UNIFIEDLAYER-NETWORK-157
9CHINANET-JX7
10CHINANET-AH7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China255
2United States74
3India8
4Australia8
5Viet Nam5
6Iran4
7Mexico3
8Japan3
9Peru2
10Ukraine1

Suspected Bot List [2017-09-12]

detection period: 2017-09-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 10

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, September 12, 2017

Botnet Statistics [2017-09-11]

detection period: 2017-09-11 00:00-23:59 UTC
total number of suspected botnet IPs: 334
number of botnet IPs notified to network operators: 311
number of spam blocked: 17042
recipient count of spam blocked: 17051

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET59
2Baidu52
3WASU28
4MSFT14
5CHINANET-FJ11
6UNIFIEDLAYER-NETWORK-158
7CHINANET-JS7
8VNPT-VNNIC-VN6
9UNIFIEDLAYER-NETWORK-146
10CHINANET-HN6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China203
2United States33
3Viet Nam18
4India10
5Iran6
6Brazil6
7Turkey5
8Mexico4
9Italy4
10Colombia4

Suspected Bot List [2017-09-11]

detection period: 2017-09-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 23

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, September 11, 2017

Botnet Statistics [2017-09-10]

detection period: 2017-09-10 00:00-23:59 UTC
total number of suspected botnet IPs: 150
number of botnet IPs notified to network operators: 144
number of spam blocked: 4086
recipient count of spam blocked: 4086

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1MSFT53
2Baidu52
3IINET-AU5
4CHINANET-JS4
5UNIFIEDLAYER-NETWORK-143
6CHINANET-SD3
7CHINANET-GD3
8CHINANET-FJ3
9UNIFIEDLAYER-NETWORK-152
10tonghnetwork1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China76
2United States61
3Australia5
4Viet Nam1
5Tunisia1
6Russian Federation1
7Nigeria1
8South Korea1
9Japan1
10Italy1

Suspected Bot List [2017-09-10]

detection period: 2017-09-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 6

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, September 8, 2017

Botnet Statistics [2017-09-07]

detection period: 2017-09-07 00:00-23:59 UTC
total number of suspected botnet IPs: 259
number of botnet IPs notified to network operators: 227
number of spam blocked: 18426
recipient count of spam blocked: 71151

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-GD16
3CHINANET-FJ13
4UNIFIEDLAYER-NETWORK-1412
5CHINANET-JS9
6VNPT-VNNIC-VN8
7VIETEL-VNNIC-VN4
8CHINANET-SD4
9CHINANET-AH4
10BHARTI-IN4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China133
2Viet Nam20
3United States19
4India16
5Mexico9
6Italy6
7Taiwan4
8Thailand4
9Colombia4
10Argentina3

Suspected Bot List [2017-09-07]

detection period: 2017-09-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO200.7.160.167Bolivia
TH61.7.241.50Thailand
TH123.242.161.20Thailand
UY179.25.175.155Uruguay

List from greylisting:

Thursday, September 7, 2017

Botnet Statistics [2017-09-06]

detection period: 2017-09-06 00:00-23:59 UTC
total number of suspected botnet IPs: 293
number of botnet IPs notified to network operators: 261
number of spam blocked: 20935
recipient count of spam blocked: 46279

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu51
2CHINANET-GD12
3CHINANET-SD11
4CHINANET-FJ11
5VNPT-VNNIC-VN10
6CHINANET-JS9
7UNIFIEDLAYER-NETWORK-147
8UNIFIEDLAYER-NETWORK-156
9HICHINA6
10ALISOFT6

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China150
2United States19
3Viet Nam17
4India13
5Mexico10
6Iran8
7Brazil8
8Colombia6
9Chile6
10Indonesia5

Suspected Bot List [2017-09-06]

detection period: 2017-09-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 32

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO200.7.160.167Bolivia
TH125.26.207.22Thailand

List from greylisting:

Wednesday, September 6, 2017

Botnet Statistics [2017-09-05]

detection period: 2017-09-05 00:00-23:59 UTC
total number of suspected botnet IPs: 203
number of botnet IPs notified to network operators: 177
number of spam blocked: 19208
recipient count of spam blocked: 19208

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-JS11
3CHINANET-GD10
4UNIFIEDLAYER-NETWORK-147
5CHINANET-SD7
6LSN-DLLSTX-26
7CMNET6
8CHINANET-FJ6
9BHARTI-IN5
10CHINANET-HN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China116
2India18
3United States16
4Viet Nam8
5Brazil5
6Iran4
7Philippines3
8Russian Federation2
9Netherlands2
10Mexico2

Suspected Bot List [2017-09-05]

detection period: 2017-09-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 26

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Tuesday, September 5, 2017

Botnet Statistics [2017-09-04]

detection period: 2017-09-04 00:00-23:59 UTC
total number of suspected botnet IPs: 161
number of botnet IPs notified to network operators: 149
number of spam blocked: 5937
recipient count of spam blocked: 135193

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu52
2CHINANET-GD6
3CHINANET-JS5
4VNPT-VNNIC-VN4
5HICHINA4
6UNICOM-GD3
7LSN-DLLSTX-23
8CHINANET-JX3
9CHINANET-HB3
10CHINANET-HA3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China99
2India14
3Viet Nam8
4United States7
5Iran6
6Indonesia5
7Bangladesh2
8Argentina2
9Venezuela1
10Taiwan1

Suspected Bot List [2017-09-04]

detection period: 2017-09-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, September 4, 2017

Botnet Statistics [2017-09-03]

detection period: 2017-09-03 00:00-23:59 UTC
total number of suspected botnet IPs: 100
number of botnet IPs notified to network operators: 96
number of spam blocked: 3652
recipient count of spam blocked: 3652

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu48
2CHINANET-GD8
3CMNET4
4LSN-DLLSTX-23
5CHINANET-ZJ3
6HICHINA2
7DXTNET2
8CHINANET-SN2
9CHINANET-JS2
10tonghnetwork1

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China87
2United States3
3Romania1
4Mexico1
5Kuwait1
6South Korea1
7Italy1
8India1
9United Kingdom1
10Spain1

Suspected Bot List [2017-09-03]

detection period: 2017-09-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 4

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Sunday, September 3, 2017

Botnet Statistics [2017-09-02]

detection period: 2017-09-02 00:00-23:59 UTC
total number of suspected botnet IPs: 139
number of botnet IPs notified to network operators: 127
number of spam blocked: 8716
recipient count of spam blocked: 39692

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu44
2CHINANET-GD12
3HICHINA8
4ALISOFT7
5LSN-DLLSTX-25
6CHINANET-JS5
7CHINANET-JX3
8totnet2
9TencentCloud2
10OVH-ARIN-62

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China97
2United States8
3Thailand6
4Russian Federation4
5Canada4
6Taiwan2
7South Korea2
8Indonesia2
9Germany2
10Chile2

Suspected Bot List [2017-09-02]

detection period: 2017-09-02 00:00-23:59 UTC
number of suspected bots' IPs listed here: 12

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TH61.7.236.60Thailand
TH61.7.241.50Thailand
TH61.19.33.74Thailand
TH125.24.137.52Thailand
TH125.26.207.22Thailand

List from greylisting:

Saturday, September 2, 2017

Botnet Statistics for August 2017

detection period: 2017-08-01 00:00 - 2017-08-31 23:59 UTC
total number of suspected botnet IPs: 9013
number of blocked spams: 1396677
recipient count of blocked spams: 30757477

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China4954
2United States1497
3India358
4Viet Nam283
5Taiwan184
6Poland128
7Brazil113
8Hong Kong111
9Russian Federation97
10Netherlands95
11Czech Republic73
12Iran68
13United Kingdom59
14Indonesia56
15Bulgaria48
16Chile44
17Pakistan41
18Germany40
19Canada38
20Italy37
21Mexico35
22Colombia33
23Bangladesh33
24Turkey32
25Thailand29

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1China416753
2United States219893
3South Korea146727
4Poland130592
5Brazil128491
6Russian Federation66056
7Venezuela40183
8United Kingdom26491
9South Africa21861
10Hong Kong20718
11Canada16188
12Netherlands15145
13Azerbaijan14865
14Czech Republic13094
15Saint Kitts And Nevis12073
16Germany11993
17Viet Nam11733
18Singapore10211
19Japan8896
20France8158
21Bulgaria7076
22Arab Emirates6979
23Libya4352
24Mexico3705
25Norway3428

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-09-01]

detection period: 2017-09-01 00:00-23:59 UTC
total number of suspected botnet IPs: 214
number of botnet IPs notified to network operators: 178
number of spam blocked: 17265
recipient count of spam blocked: 17265

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET43
2Baidu36
3WASU18
4UNIFIEDLAYER-NETWORK-1411
5CHINANET-GD6
6VNPT-VNNIC-VN5
7CHINANET-JS5
8UNICOM4
9CHINANET-YN4
10BSNLNET4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China134
2India20
3United States16
4Viet Nam13
5Russian Federation3
6Brazil3
7Thailand2
8Pakistan2
9Spain2
10Ukraine1

Suspected Bot List [2017-09-01]

detection period: 2017-09-01 00:00-23:59 UTC
number of suspected bots' IPs listed here: 36

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Friday, September 1, 2017

Botnet Statistics [2017-08-31]

detection period: 2017-08-31 00:00-23:59 UTC
total number of suspected botnet IPs: 391
number of botnet IPs notified to network operators: 353
number of spam blocked: 24226
recipient count of spam blocked: 86214

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET81
2WASU43
3Baidu36
4CHINANET-JS25
5VNPT-VNNIC-VN11
6CHINANET-GD9
7BSNLNET8
8BHARTI-IN8
9UNICOM7
10HICHINA7

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China242
2India39
3Viet Nam21
4United States16
5Brazil5
6Bangladesh5
7Turkey4
8Pakistan4
9Iran4
10Indonesia4

Suspected Bot List [2017-08-31]

detection period: 2017-08-31 00:00-23:59 UTC
number of suspected bots' IPs listed here: 38

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
CA167.114.39.68Canada
GR62.169.214.53Greece
PK202.61.51.123Pakistan
TH125.26.207.22Thailand

List from greylisting:

Thursday, August 31, 2017

Botnet Statistics [2017-08-30]

detection period: 2017-08-30 00:00-23:59 UTC
total number of suspected botnet IPs: 377
number of botnet IPs notified to network operators: 343
number of spam blocked: 35537
recipient count of spam blocked: 305074

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU68
2CMNET67
3Baidu35
4ALISOFT12
5VNPT-VNNIC-VN11
6BSNLNET8
7UNIFIEDLAYER-NETWORK-147
8CHINANET-JS7
9CHINANET-AH7
10LSN-DLLSTX-86

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China230
2India29
3Viet Nam21
4United States15
5Iran12
6Russian Federation5
7Brazil5
8Colombia4
9Canada4
10Taiwan3

Suspected Bot List [2017-08-30]

detection period: 2017-08-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TH125.26.207.22Thailand
UY179.24.115.79Uruguay

List from greylisting:

Wednesday, August 30, 2017

Botnet Statistics [2017-08-29]

detection period: 2017-08-29 00:00-23:59 UTC
total number of suspected botnet IPs: 310
number of botnet IPs notified to network operators: 284
number of spam blocked: 18297
recipient count of spam blocked: 123191

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU75
2CMNET42
3Baidu26
4ALISOFT10
5VNPT-VNNIC-VN9
6CHINANET-AH6
7HICHINA5
8CHINANET-GD5
9TencentCloud4
10LSN-DLLSTX-24

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China205
2India21
3Viet Nam14
4United States14
5Thailand6
6Chile5
7Taiwan3
8Turkey3
9Tunisia3
10Russian Federation3

Suspected Bot List [2017-08-29]

detection period: 2017-08-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 26

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
TH122.154.239.109Thailand
TH125.26.207.22Thailand
UY179.26.236.58Uruguay

List from greylisting:

Tuesday, August 29, 2017

Botnet Statistics [2017-08-28]

detection period: 2017-08-28 00:00-23:59 UTC
total number of suspected botnet IPs: 232
number of botnet IPs notified to network operators: 218
number of spam blocked: 20488
recipient count of spam blocked: 29399

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET46
2WASU41
3Baidu27
4CHINANET-JS12
5HOSTWINDS-19-17
6CHINANET-GD7
7LSN-DLLSTX-26
8VNPT-VNNIC-VN5
9CHINANET-SD5
10CHINANET-AH5

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China164
2United States15
3India11
4Viet Nam8
5Russian Federation3
6Iran3
7Ukraine2
8Thailand2
9Hong Kong2
10Brazil2

Suspected Bot List [2017-08-28]

detection period: 2017-08-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 14

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Monday, August 28, 2017

Botnet Statistics [2017-08-27]

detection period: 2017-08-27 00:00-23:59 UTC
total number of suspected botnet IPs: 118
number of botnet IPs notified to network operators: 113
number of spam blocked: 9372
recipient count of spam blocked: 53993

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu25
2CHINANET-JS11
3CMNET6
4CHINANET-AH6
5CHINANET-ZJ-TZ5
6CHINANET-GD5
7WASU4
8LSN-DLLSTX-14
9CHINANET-SD4
10CHINANET-HB4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China84
2United States10
3Viet Nam2
4Taiwan2
5Turkey2
6Pakistan2
7Chile2
8Thailand1
9Russian Federation1
10Romania1

Suspected Bot List [2017-08-27]

detection period: 2017-08-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 5

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
IN122.165.237.29India
PK202.61.51.123Pakistan

List from greylisting:

Sunday, August 27, 2017

Botnet Statistics [2017-08-26]

detection period: 2017-08-26 00:00-23:59 UTC
total number of suspected botnet IPs: 91
number of botnet IPs notified to network operators: 88
number of spam blocked: 14115
recipient count of spam blocked: 29286

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu23
2CHINANET-JS11
3CHINANET-GD8
4LSN-DLLSTX-15
5CMNET5
6CHINANET-ZJ-TZ4
7CHINANET-HB4
8HICHINA3
9CHINANET-AH3
10CHINANET-SD2

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China69
2United States8
3Russian Federation2
4Kazakhstan2
5South Africa1
6Viet Nam1
7Turkey1
8Thailand1
9Poland1
10Malaysia1

Suspected Bot List [2017-08-26]

detection period: 2017-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 3

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Saturday, August 26, 2017

Botnet Statistics [2017-08-25]

detection period: 2017-08-25 00:00-23:59 UTC
total number of suspected botnet IPs: 256
number of botnet IPs notified to network operators: 216
number of spam blocked: 26658
recipient count of spam blocked: 75830

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET30
2Baidu27
3WASU23
4VNPT-VNNIC-VN12
5CHINANET-GD9
6ALISOFT8
7UNIFIEDLAYER-NETWORK-147
8PSINETA4
9CHINANET-JS4
10CHINANET-HB4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China130
2Viet Nam21
3India17
4United States13
5Indonesia5
6Thailand4
7Chile4
8Taiwan3
9Turkey3
10Pakistan3

Suspected Bot List [2017-08-25]

detection period: 2017-08-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 40

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
BO190.129.65.242Bolivia
DE185.172.56.56Germany
TH125.26.207.22Thailand
UY167.57.94.26Uruguay

List from greylisting:

Friday, August 25, 2017

Botnet Statistics [2017-08-24]

detection period: 2017-08-24 00:00-23:59 UTC
total number of suspected botnet IPs: 246
number of botnet IPs notified to network operators: 218
number of spam blocked: 32480
recipient count of spam blocked: 57369

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET57
2Baidu27
3WASU23
4VNPT-VNNIC-VN9
5CHINANET-GD8
6UNIFIEDLAYER-NETWORK-146
7PSINETA6
8RIMA4
9UNICOM-HN3
10FPT-VN3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China137
2Viet Nam19
3India17
4United States13
5Spain6
6Colombia5
7Brazil5
8Pakistan4
9Turkey2
10Portugal2

Suspected Bot List [2017-08-24]

detection period: 2017-08-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 28

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:

Thursday, August 24, 2017

Botnet Statistics [2017-08-23]

detection period: 2017-08-23 00:00-23:59 UTC
total number of suspected botnet IPs: 162
number of botnet IPs notified to network operators: 137
number of spam blocked: 27360
recipient count of spam blocked: 81859

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu27
2VNPT-VNNIC-VN7
3UNIFIEDLAYER-NETWORK-146
4CMNET5
5BSNLNET5
6BHARTI-IN5
7CHINANET-GD4
8AMANAH4
9ALISOFT4
10TencentCloud3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China48
2India22
3United States16
4Viet Nam15
5Pakistan6
6Turkey5
7Canada5
8Indonesia4
9Brazil4
10Thailand3

Suspected Bot List [2017-08-23]

detection period: 2017-08-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
IN1.186.128.5India
JO185.98.225.114Jordan
PK202.61.51.123Pakistan
TH61.7.236.60Thailand
TH125.26.207.22Thailand
UY167.56.166.56Uruguay
UY179.25.70.99Uruguay

List from greylisting:

Wednesday, August 23, 2017

Botnet Statistics [2017-08-22]

detection period: 2017-08-22 00:00-23:59 UTC
total number of suspected botnet IPs: 216
number of botnet IPs notified to network operators: 191
number of spam blocked: 30501
recipient count of spam blocked: 88297

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU33
2Baidu27
3CMNET19
4UNIFIEDLAYER-NETWORK-147
5CHINANET-JS6
6ALISOFT6
7WASU-BB5
8CHINANET-GD5
9VNPT-VNNIC-VN4
10TencentCloud4

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China124
2United States14
3Viet Nam13
4India9
5Thailand6
6Iran5
7Colombia5
8Taiwan4
9Turkey4
10Poland3

Suspected Bot List [2017-08-22]

detection period: 2017-08-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 25

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
TH110.164.161.77Thailand
TH119.46.209.163Thailand
TH125.25.170.138Thailand
TH125.26.207.22Thailand
UY167.57.121.198Uruguay

List from greylisting:

Tuesday, August 22, 2017

Botnet Statistics [2017-08-21]

detection period: 2017-08-21 00:00-23:59 UTC
total number of suspected botnet IPs: 263
number of botnet IPs notified to network operators: 244
number of spam blocked: 30846
recipient count of spam blocked: 63630

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET72
2WASU63
3Baidu27
4HOSTWINDS-19-16
5ALISOFT6
6UNIFIEDLAYER-NETWORK-145
7CHINANET-GD4
8TencentCloud3
9MSFT3
10CHINANET-ZJ3

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China209
2United States14
3Netherlands3
4Chile3
5Uruguay2
6Taiwan2
7Turkey2
8Thailand2
9Peru2
10Indonesia2