Custom Search

Friday, June 30, 2017

Botnet Statistics [2017-06-29]

detection period: 2017-06-29 00:00-23:59 UTC
total number of suspected botnet IPs: 721
number of botnet IPs notified to network operators: 676
number of spam blocked: 74608
recipient count of spam blocked: 1069399

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ135
2WASU111
3CMNET101
4MOL-LEASE1327
5CC-1424
6VNPT-VNNIC-VN23
7CUBEMOTION19
8CHINANET-GD17
9SC7002-162-216-1-64-2816
10HOSTKEY-NET16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China440
2United States92
3Viet Nam56
4Russian Federation33
5Netherlands16
6Brazil11
7Taiwan8
8Romania7
9United Kingdom7
10South Korea6

Suspected Bot List [2017-06-29]

detection period: 2017-06-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 70

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
IN1.186.128.5India
IN182.74.55.246India
IN203.115.99.218India
MO116.193.10.34Macau
MO116.193.10.35Macau
NL185.130.225.101Netherlands
NL185.130.225.102Netherlands
NL185.130.225.103Netherlands
NL185.130.225.104Netherlands
NL185.130.225.105Netherlands
NL185.130.225.106Netherlands
NL185.130.225.107Netherlands
NL185.130.225.108Netherlands
NL185.130.225.109Netherlands
NL185.130.225.110Netherlands
NL185.130.225.111Netherlands
NL185.130.225.112Netherlands
NL185.130.225.113Netherlands
NL185.130.225.114Netherlands
NL185.130.225.115Netherlands
NL185.130.225.116Netherlands
RU90.188.18.74Russian Federation
RU176.118.237.85Russian Federation
TH119.46.209.163Thailand
TH122.154.239.123Thailand
US198.167.142.17United States
US198.167.142.34United States
US198.167.142.41United States
US198.167.142.42United States
US198.167.142.43United States
US198.167.142.44United States
US198.167.142.45United States
US198.167.142.47United States
US198.167.142.48United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, June 29, 2017

Botnet Statistics [2017-06-28]

detection period: 2017-06-28 00:00-23:59 UTC
total number of suspected botnet IPs: 649
number of botnet IPs notified to network operators: 615
number of spam blocked: 64788
recipient count of spam blocked: 776767

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ132
2WASU103
3CMNET102
4UA-VOLIA-2006112429
5UK-ABSTATION-2012071225
6CHINANET-GD22
7EONIX-NET-50-2-0-0-1-BLK-714
8LSN-DLLSTX-812
9CC-1012
10CC-0912

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China424
2United States92
3Ukraine30
4United Kingdom27
5Viet Nam11
6Russian Federation9
7Brazil6
8India5
9Taiwan4
10Poland4

Suspected Bot List [2017-06-28]

detection period: 2017-06-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 48

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
AR200.41.87.215Argentina
IN122.181.137.17India
IN203.115.99.218India
MO116.193.10.34Macau
MO116.193.10.35Macau
PL91.185.189.179Poland
RU37.1.16.4Russian Federation
RU90.188.18.74Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU185.130.104.198Russian Federation
TH203.151.206.113Thailand
US50.2.13.15United States
US50.2.13.16United States
US50.2.13.17United States
US50.2.13.18United States
US50.2.13.19United States
US50.2.13.20United States
US50.2.13.21United States
US50.2.13.22United States
US50.2.13.23United States
US50.2.13.24United States
US50.2.13.25United States
US50.2.13.26United States
US50.2.13.27United States
US50.2.13.28United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, June 28, 2017

Botnet Statistics [2017-06-27]

detection period: 2017-06-27 00:00-23:59 UTC
total number of suspected botnet IPs: 732
number of botnet IPs notified to network operators: 692
number of spam blocked: 72054
recipient count of spam blocked: 1006344

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU119
2CMNET119
3UNICOM-ZJ109
4MOL-LEASE1357
5PVS-BLOCK0116
6CUBEMOTION12
7CHINANET-GD12
8CC-1711
9VNPT-VNNIC-VN10
10EONIX-NET-173-44-128-0-1-BLK-410

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China450
2Russian Federation66
3United States63
4Viet Nam22
5Netherlands16
6Brazil11
7Taiwan9
8South Korea9
9Germany9
10India8

Suspected Bot List [2017-06-27]

detection period: 2017-06-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 54

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
ID103.254.107.10Indonesia
IN203.115.99.218India
JO79.173.252.192Jordan
MO116.193.10.34Macau
MO116.193.10.35Macau
PL91.185.189.179Poland
RO86.34.184.170Romania
RU37.1.9.189Russian Federation
RU83.242.222.4Russian Federation
RU84.53.192.243Russian Federation
RU90.188.18.74Russian Federation
RU176.118.237.85Russian Federation
RU185.130.104.198Russian Federation
TH103.253.73.95Thailand
TH203.151.206.113Thailand
US50.2.191.75United States
US50.2.191.76United States
US50.2.191.77United States
US50.2.191.78United States
US173.44.228.34United States
US173.44.228.35United States
US173.44.228.36United States
US173.44.228.37United States
US173.44.228.38United States
US173.44.228.39United States
US173.44.228.40United States
US173.44.228.41United States
US173.44.228.42United States
US173.44.228.43United States
VE190.202.116.101Venezuela
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, June 27, 2017

Botnet Statistics [2017-06-26]

detection period: 2017-06-26 00:00-23:59 UTC
total number of suspected botnet IPs: 753
number of botnet IPs notified to network operators: 668
number of spam blocked: 78304
recipient count of spam blocked: 1640555

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ114
2CMNET114
3WASU98
4CUBEMOTION34
5RU-ANDERS-2008102829
6CHINANET-GD18
7VNPT-VNNIC-VN16
8SERVERYOU-NET-LAX16
9PL-ARTNET-2012070413
10VIRTONO-NETWORKS-SRL11

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China419
2United States102
3Viet Nam41
4Russian Federation40
5India24
6Poland17
7Romania15
8Brazil10
9Taiwan8
10Thailand7

Suspected Bot List [2017-06-26]

detection period: 2017-06-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 120

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
IN1.186.128.5India
IN122.179.15.42India
IN171.48.48.175India
IN182.73.244.70India
IN202.56.255.50India
IN202.142.81.58India
IN203.115.99.218India
IN203.115.109.254India
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.207.180.18Mexico
PL91.185.189.179Poland
RU37.1.46.238Russian Federation
RU80.254.115.87Russian Federation
RU84.53.192.243Russian Federation
RU109.194.197.79Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU185.130.104.198Russian Federation
RU212.164.221.82Russian Federation
RU213.183.45.226Russian Federation
RU213.183.45.227Russian Federation
RU213.183.45.228Russian Federation
RU213.183.45.229Russian Federation
RU213.183.45.230Russian Federation
RU213.183.45.232Russian Federation
RU213.183.45.233Russian Federation
RU213.183.45.234Russian Federation
RU213.183.45.235Russian Federation
RU213.183.45.236Russian Federation
RU213.183.45.237Russian Federation
RU213.183.45.238Russian Federation
RU213.183.45.239Russian Federation
RU213.183.45.240Russian Federation
RU213.183.45.241Russian Federation
RU213.183.45.242Russian Federation
RU213.183.45.243Russian Federation
RU213.183.45.244Russian Federation
RU213.183.45.245Russian Federation
RU213.183.45.246Russian Federation
RU213.183.45.247Russian Federation
RU213.183.45.248Russian Federation
RU213.183.45.249Russian Federation
RU213.183.45.250Russian Federation
RU213.183.45.251Russian Federation
RU213.183.45.252Russian Federation
RU213.183.45.253Russian Federation
RU213.183.45.254Russian Federation
TH103.40.132.18Thailand
TH122.155.197.9Thailand
TH203.151.206.113Thailand
US50.2.13.2United States
US50.2.13.5United States
US50.2.13.7United States
US50.2.13.8United States
US50.2.13.10United States
US50.2.13.12United States
US50.2.13.14United States
US206.125.41.139United States
VE150.187.41.90Venezuela
ZA196.46.23.122South Africa

List from greylisting:

Monday, June 26, 2017

Botnet Statistics [2017-06-25]

detection period: 2017-06-25 00:00-23:59 UTC
total number of suspected botnet IPs: 577
number of botnet IPs notified to network operators: 539
number of spam blocked: 67821
recipient count of spam blocked: 980661

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET101
2WASU76
3UNICOM-ZJ66
4CHINANET-GD32
5VNPT-VNNIC-VN26
6CC-1521
7UK-RAPIDSWITCH-2007041813
8HOSTKEY-NET13
9CUBEMOTION13
10ALISOFT12

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China350
2United States50
3Viet Nam46
4United Kingdom17
5Taiwan13
6Netherlands13
7Brazil7
8Romania5
9Argentina5
10Russian Federation4

Suspected Bot List [2017-06-25]

detection period: 2017-06-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 49

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
IN203.115.109.254India
MO116.193.10.34Macau
MO116.193.10.35Macau
NL5.39.220.14Netherlands
NL5.39.220.15Netherlands
NL5.39.220.16Netherlands
NL5.39.220.17Netherlands
NL5.39.220.18Netherlands
NL5.39.220.19Netherlands
NL5.39.220.20Netherlands
NL5.39.220.21Netherlands
NL5.39.220.22Netherlands
NL5.39.220.23Netherlands
NL5.39.220.27Netherlands
RU176.118.237.85Russian Federation
TH103.3.65.51Thailand
TH103.253.73.95Thailand
TH203.151.206.113Thailand
UY167.56.130.139Uruguay
UY167.56.165.183Uruguay
ZA105.3.229.42South Africa
ZA196.46.23.122South Africa

List from greylisting:

Sunday, June 25, 2017

Botnet Statistics [2017-06-24]

detection period: 2017-06-24 00:00-23:59 UTC
total number of suspected botnet IPs: 346
number of botnet IPs notified to network operators: 313
number of spam blocked: 65488
recipient count of spam blocked: 1101725

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VNNIC-VN27
2CHINANET-GD24
3UA-VOLIA-2006112421
4BG-POWERNET-2007073119
5COLOAT15
6WASU14
7CMNET13
8CC-1412
9VIETEL-VN9
10UNICOM-ZJ8

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China106
2Viet Nam55
3United States43
4Ukraine25
5Bulgaria20
6Taiwan10
7Brazil10
8India8
9Russian Federation7
10Romania7

Suspected Bot List [2017-06-24]

detection period: 2017-06-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 34

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
IN203.115.109.254India
MO116.193.10.34Macau
MO116.193.10.35Macau
PL91.185.189.179Poland
RU46.146.229.93Russian Federation
RU83.220.182.226Russian Federation
RU176.118.237.85Russian Federation
RU185.130.104.198Russian Federation
TH203.151.206.113Thailand
US68.188.71.230United States
ZA196.46.23.122South Africa

List from greylisting:

Saturday, June 24, 2017

Botnet Statistics [2017-06-23]

detection period: 2017-06-23 00:00-23:59 UTC
total number of suspected botnet IPs: 649
number of botnet IPs notified to network operators: 592
number of spam blocked: 66323
recipient count of spam blocked: 1372610

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET106
2WASU83
3UNICOM-ZJ58
4VNPT-VNNIC-VN24
5UK-RAPIDSWITCH-2007041815
6AHRDIRECT-NET15
7CHINANET-GD14
8COLOAT13
9VOLUMEDRIVE12
10CC-1711

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China319
2United States78
3Viet Nam50
4India44
5Netherlands16
6United Kingdom16
7Brazil16
8South Korea12
9Romania10
10Russian Federation8

Suspected Bot List [2017-06-23]

detection period: 2017-06-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 57

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AR181.231.28.20Argentina
ES79.148.86.159Spain
ID103.254.107.10Indonesia
IN182.73.244.70India
IN202.62.88.81India
IN203.115.109.254India
MO116.193.10.34Macau
PK202.61.51.123Pakistan
PL91.185.189.179Poland
RU90.188.18.74Russian Federation
RU176.118.237.85Russian Federation
RU212.164.221.82Russian Federation
TH58.137.112.204Thailand
TH203.151.206.113Thailand

List from greylisting:

Friday, June 23, 2017

Botnet Statistics [2017-06-22]

detection period: 2017-06-22 00:00-23:59 UTC
total number of suspected botnet IPs: 769
number of botnet IPs notified to network operators: 691
number of spam blocked: 65359
recipient count of spam blocked: 1404851

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1WASU109
2CMNET108
3UNICOM-ZJ57
4VNPT-VNNIC-VN51
5CHINANET-JS32
6SERVERCRATE-0326
7CHINANET-GD17
8HOSTKEY-NET16
9VIRTONO-NETWORKS-SRL13
10FPT-VN13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China413
2Viet Nam89
3United States72
4Russian Federation39
5Romania18
6India14
7Brazil14
8Bulgaria9
9Taiwan7
10Poland6

Suspected Bot List [2017-06-22]

detection period: 2017-06-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 95

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
ES79.148.86.159Spain
ID103.254.107.10Indonesia
IN122.165.237.29India
IN182.73.244.70India
IN203.115.109.254India
IN223.196.86.227India
MO116.193.10.34Macau
MO116.193.10.35Macau
MX148.243.192.238Mexico
PK203.135.54.91Pakistan
RU46.17.101.213Russian Federation
RU46.17.101.219Russian Federation
RU46.17.101.220Russian Federation
RU46.17.101.221Russian Federation
RU46.17.101.222Russian Federation
RU46.17.101.223Russian Federation
RU46.17.101.224Russian Federation
RU46.17.101.225Russian Federation
RU46.17.101.226Russian Federation
RU46.17.101.227Russian Federation
RU46.17.101.228Russian Federation
RU46.249.2.197Russian Federation
RU84.53.192.243Russian Federation
RU90.188.18.74Russian Federation
RU176.118.237.85Russian Federation
RU213.183.47.230Russian Federation
RU213.183.47.231Russian Federation
RU213.183.47.232Russian Federation
RU213.183.47.233Russian Federation
RU213.183.47.234Russian Federation
RU213.183.47.235Russian Federation
TH103.40.132.18Thailand
TH183.89.120.171Thailand
TH203.151.206.113Thailand
UY167.56.19.172Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Thursday, June 22, 2017

Botnet Statistics [2017-06-21]

detection period: 2017-06-21 00:00-23:59 UTC
total number of suspected botnet IPs: 796
number of botnet IPs notified to network operators: 707
number of spam blocked: 83205
recipient count of spam blocked: 1613959

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET122
2WASU94
3CHINANET-JS54
4UNICOM-ZJ47
5CHINANET-GD36
6UA-VOLIA-2006112427
7VNPT-VNNIC-VN26
8EONIX-NET-173-44-128-0-1-BLK-423
9MIR-TELEMATIKI15
10CUBEMOTION13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China470
2United States85
3Viet Nam50
4Ukraine30
5Russian Federation27
6Brazil16
7India14
8Taiwan13
9Poland10
10Hong Kong10

Suspected Bot List [2017-06-21]

detection period: 2017-06-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 95

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
IN203.115.109.254India
IN223.196.86.227India
MO116.193.10.34Macau
MO116.193.10.35Macau
PL91.185.189.179Poland
RU46.17.98.70Russian Federation
RU46.17.98.85Russian Federation
RU46.249.2.197Russian Federation
RU84.53.192.243Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU195.98.189.178Russian Federation
US173.44.228.59United States
US173.44.228.60United States
US173.44.228.61United States
US173.44.228.62United States
ZA196.46.23.122South Africa

List from greylisting:

Suspected Bots' IP List for May 2017

To encourage cyber security information sharing (as some form of open data) while still giving victims enough time to clean up their computers, the IP list of suspected infected computers will be released here (as shown below). You are free to use them to create more effective defenses, discover latest trends in cyber attacks, etc.

Suspected Bots IP [2017-05-01]
Suspected Bots IP [2017-05-02]
Suspected Bots IP [2017-05-03]
Suspected Bots IP [2017-05-04]
Suspected Bots IP [2017-05-05]
Suspected Bots IP [2017-05-06]
Suspected Bots IP [2017-05-07]
Suspected Bots IP [2017-05-08]
Suspected Bots IP [2017-05-09]
Suspected Bots IP [2017-05-10]
Suspected Bots IP [2017-05-11]
Suspected Bots IP [2017-05-12]
Suspected Bots IP [2017-05-13]
Suspected Bots IP [2017-05-14]
Suspected Bots IP [2017-05-15]
Suspected Bots IP [2017-05-16]
Suspected Bots IP [2017-05-17]
Suspected Bots IP [2017-05-18]
Suspected Bots IP [2017-05-22]
Suspected Bots IP [2017-05-23]
Suspected Bots IP [2017-05-24]
Suspected Bots IP [2017-05-25]
Suspected Bots IP [2017-05-26]
Suspected Bots IP [2017-05-27]
Suspected Bots IP [2017-05-28]
Suspected Bots IP [2017-05-29]
Suspected Bots IP [2017-05-30]
Suspected Bots IP [2017-05-31]

Wednesday, June 21, 2017

Botnet Statistics [2017-06-20]

detection period: 2017-06-20 00:00-23:59 UTC
total number of suspected botnet IPs: 864
number of botnet IPs notified to network operators: 776
number of spam blocked: 120495
recipient count of spam blocked: 2762404

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET104
2WASU78
3UNICOM-ZJ50
4CHINANET-GD49
5CHINANET-JS31
6UA-VOLIA-2006112423
7VNPT-VNNIC-VN17
8HOSTKEY-NET16
9JOESDC-0115
10JLU-CN15

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China503
2United States88
3Viet Nam42
4Ukraine27
5Russian Federation25
6Netherlands17
7Brazil17
8India14
9Taiwan11
10Hong Kong8

Suspected Bot List [2017-06-20]

detection period: 2017-06-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 98

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
IN182.73.244.70India
IN203.115.109.254India
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
MX201.163.21.226Mexico
MY161.139.20.49Malaysia
NL5.39.220.65Netherlands
NL5.39.220.76Netherlands
NL5.39.220.77Netherlands
NL5.39.220.78Netherlands
NL5.39.220.79Netherlands
NL5.39.220.80Netherlands
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU37.1.58.244Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU90.188.95.206Russian Federation
RU91.122.195.202Russian Federation
RU95.53.247.194Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU178.141.249.246Russian Federation
RU185.52.68.8Russian Federation
RU194.79.7.70Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
TH45.122.48.162Thailand
TH49.231.180.196Thailand
TH183.89.127.32Thailand
TH203.151.206.113Thailand
TH203.157.30.1Thailand
TW106.1.195.68Taiwan
US173.44.228.36United States
US173.44.228.37United States
US173.44.228.38United States
US173.44.228.39United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, June 20, 2017

Botnet Statistics [2017-06-19]

detection period: 2017-06-19 00:00-23:59 UTC
total number of suspected botnet IPs: 893
number of botnet IPs notified to network operators: 781
number of spam blocked: 112259
recipient count of spam blocked: 2757738

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET91
2WASU61
3VNPT-VNNIC-VN56
4UNICOM-ZJ39
5EONIX-NET-50-2-0-0-1-BLK-729
6SHARKTECH-328
7CHINANET-GD26
8CHINANET-JS21
9JLU-CN17
10MSFT16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China424
2United States106
3Viet Nam105
4Russian Federation33
5Brazil20
6United Kingdom17
7Romania16
8Taiwan14
9Bulgaria13
10South Korea11

Suspected Bot List [2017-06-19]

detection period: 2017-06-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 112

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
ID219.83.84.146Indonesia
IN203.115.109.254India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU37.1.39.132Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU78.25.98.230Russian Federation
RU80.71.240.160Russian Federation
RU83.220.188.72Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU90.188.95.206Russian Federation
RU91.122.195.202Russian Federation
RU95.53.247.194Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU109.194.197.79Russian Federation
RU176.118.237.85Russian Federation
RU178.141.104.178Russian Federation
RU178.141.249.246Russian Federation
RU185.127.25.68Russian Federation
RU194.79.7.70Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.139Singapore
SG112.140.187.82Singapore
TH103.3.65.51Thailand
TH203.151.206.113Thailand
TW106.1.195.68Taiwan
TW118.233.116.192Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, June 19, 2017

Botnet Statistics [2017-06-18]

detection period: 2017-06-18 00:00-23:59 UTC
total number of suspected botnet IPs: 766
number of botnet IPs notified to network operators: 708
number of spam blocked: 111100
recipient count of spam blocked: 2747151

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET83
2WASU53
3CHINANET-JS39
4CHINANET-GD34
5VNPT-VNNIC-VN30
6HINET-NET28
7PVS-BLOCK0116
8UK-RAPIDSWITCH-2009022514
9JLU-CN14
10HINET14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China404
2Viet Nam56
3United States53
4Taiwan44
5United Kingdom25
6Russian Federation18
7Netherlands17
8Brazil15
9Germany13
10Hong Kong11

Suspected Bot List [2017-06-18]

detection period: 2017-06-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 58

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CZ93.170.122.30Czech Republic
ID219.83.84.146Indonesia
IN202.62.88.81India
IN203.115.109.254India
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PL91.185.189.179Poland
RU80.71.246.68Russian Federation
RU83.169.208.218Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU95.53.247.194Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU178.141.186.48Russian Federation
RU185.127.25.68Russian Federation
RU195.98.189.178Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
SG112.140.184.136Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH49.231.180.196Thailand
TH103.3.65.51Thailand
TH203.151.206.113Thailand
TH203.156.163.35Thailand
TW106.1.195.68Taiwan
TW118.233.116.192Taiwan
US206.125.41.139United States
UY167.57.14.125Uruguay
UY167.57.135.202Uruguay
ZA196.46.23.122South Africa

List from greylisting:

Sunday, June 18, 2017

Botnet Statistics for May 2017

detection period: 2017-05-01 00:00 - 2017-05-31 23:59 UTC
total number of suspected botnet IPs: 14571
number of blocked spams: 643100
recipient count of blocked spams: 4254342

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry# of suspected botnet IPs
1China6404
2Viet Nam2010
3United States1789
4Ukraine1089
5India375
6Netherlands279
7Russian Federation226
8United Kingdom192
9Taiwan158
10Brazil122
11Estonia119
12South Korea92
13Argentina82
14Turkey80
15Romania78
16Bulgaria78
17Indonesia72
18Poland68
19Japan63
20Thailand62
21Italy59
22France55
23Iran50
24Hong Kong49
25Lithuania45

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

RankCountry# of blocked spams
1United States221666
2Ukraine98435
3United Kingdom49720
4Netherlands37318
5China36733
6Poland32928
7Russian Federation24025
8Hong Kong16047
9Bangladesh13834
10Estonia13343
11Belgium12617
12Canada11208
13Czech Republic10411
14Sweden7141
15Romania6995
16Turkey5582
17Bulgaria5555
18Virgin (British) Islands4608
19Lithuania3737
20Colombia3358
21Viet Nam3233
22Taiwan2740
23Nigeria2402
24Iceland2147
25Australia2120

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Botnet Statistics [2017-06-17]

detection period: 2017-06-17 00:00-23:59 UTC
total number of suspected botnet IPs: 743
number of botnet IPs notified to network operators: 679
number of spam blocked: 116713
recipient count of spam blocked: 2930076

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET61
2CHINANET-GD48
3WASU47
4VNPT-VNNIC-VN43
5CC-1523
6CHINANET-JS22
7JLU-CN18
8PL-ARTNET-2012070413
9CHINANET-JX13
10BG-POWERNET-2007073113

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China366
2Viet Nam86
3United States72
4Russian Federation29
5Poland19
6Brazil15
7Taiwan14
8Bulgaria14
9India12
10Singapore11

Suspected Bot List [2017-06-17]

detection period: 2017-06-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 64

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
DE136.243.22.27Germany
IN203.115.109.254India
IN223.196.86.227India
JO79.173.252.192Jordan
JO185.98.225.114Jordan
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PL91.185.189.179Poland
RU37.29.7.122Russian Federation
RU80.71.246.68Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU195.98.189.178Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SA88.85.228.90Saudi Arabia
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TR185.26.146.61Turkey
TW106.1.195.68Taiwan
US96.33.171.230United States
US104.176.105.3United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Saturday, June 17, 2017

Botnet Statistics [2017-06-16]

detection period: 2017-06-16 00:00-23:59 UTC
total number of suspected botnet IPs: 738
number of botnet IPs notified to network operators: 672
number of spam blocked: 139539
recipient count of spam blocked: 3170456

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1CMNET55
2WASU52
3CHINANET-GD48
4CHINANET-JS30
5UK-ABSTATION-2012071224
6VNPT-VNNIC-VN21
7JLU-CN19
8EONIX-NET-173-44-128-0-1-BLK-415
9PL-ARTNET-2012070413
10CUBEMOTION13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China393
2United States89
3Viet Nam37
4United Kingdom25
5Russian Federation24
6Poland16
7Brazil15
8Singapore11
9Romania10
10France9

Suspected Bot List [2017-06-16]

detection period: 2017-06-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 66

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
IN122.168.194.53India
IN223.196.86.227India
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX148.243.192.238Mexico
MX189.211.198.181Mexico
MY161.139.20.49Malaysia
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU31.173.216.163Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU46.249.12.24Russian Federation
RU80.71.246.68Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU91.122.195.202Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU185.188.182.25Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.34.39.230Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.136Singapore
SG112.140.184.139Singapore
SG112.140.184.147Singapore
SG112.140.187.82Singapore
TH103.3.65.51Thailand
TH122.154.239.122Thailand
TH203.151.206.113Thailand
TW106.1.195.68Taiwan
US96.33.171.230United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Friday, June 16, 2017

Botnet Statistics [2017-06-15]

detection period: 2017-06-15 00:00-23:59 UTC
total number of suspected botnet IPs: 1032
number of botnet IPs notified to network operators: 948
number of spam blocked: 138018
recipient count of spam blocked: 2946944

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ168
2CMNET114
3WASU87
4CHINANET-GD43
5VNPT-VNNIC-VN34
6CHINANET-JS29
7JLU-CN23
8CHINANET-HA16
9DELTAHOST-NET15
10CNCBTJQ-NET14

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China679
2United States88
3Viet Nam52
4Russian Federation42
5Ukraine28
6France15
7Germany15
8Singapore10
9Taiwan9
10Brazil9

Suspected Bot List [2017-06-15]

detection period: 2017-06-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 84

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
ID219.83.84.146Indonesia
LY197.215.136.166Libya
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.83.163.219Pakistan
PL91.185.189.179Poland
RU37.1.43.163Russian Federation
RU37.29.7.122Russian Federation
RU46.47.227.236Russian Federation
RU78.25.98.230Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU90.188.18.74Russian Federation
RU91.122.195.202Russian Federation
RU109.94.95.237Russian Federation
RU109.111.189.234Russian Federation
RU109.171.97.88Russian Federation
RU109.194.197.79Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU185.188.182.25Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.139Singapore
SG112.140.187.82Singapore
TH49.231.180.196Thailand
TH61.7.228.51Thailand
TH203.151.206.113Thailand
TW106.1.195.68Taiwan
US96.33.171.230United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Thursday, June 15, 2017

Botnet Statistics [2017-06-14]

detection period: 2017-06-14 00:00-23:59 UTC
total number of suspected botnet IPs: 1020
number of botnet IPs notified to network operators: 941
number of spam blocked: 115660
recipient count of spam blocked: 2507972

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ179
2CMNET102
3WASU84
4CHINANET-GD43
5VNPT-VNNIC-VN33
6CHINANET-JS25
7JLU-CN19
8CNCBTJQ-NET14
9CHINANET-HA14
10LADEDICATED213

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China635
2United States105
3Viet Nam67
4Russian Federation38
5France18
6India16
7Brazil15
8South Korea9
9Singapore8
10Romania8

Suspected Bot List [2017-06-14]

detection period: 2017-06-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 79

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
ID219.83.84.146Indonesia
IN223.196.86.227India
IT31.14.140.139Italy
MM103.27.118.146Myanmar
MO116.193.10.34Macau
MO116.193.10.35Macau
MX148.243.192.238Mexico
MX189.211.198.181Mexico
PK202.83.163.219Pakistan
PK203.135.54.91Pakistan
RU37.1.43.163Russian Federation
RU78.25.98.230Russian Federation
RU87.226.213.86Russian Federation
RU89.188.229.14Russian Federation
RU91.122.195.202Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.188.182.25Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.46.215.107Russian Federation
RU212.164.221.82Russian Federation
RU213.221.32.42Russian Federation
SG112.140.184.139Singapore
SG112.140.187.82Singapore
TH49.231.180.196Thailand
TH61.7.228.51Thailand
TH119.46.90.105Thailand
TH203.151.206.113Thailand
TH203.156.163.35Thailand
TW106.1.195.68Taiwan
US69.85.239.37United States
US96.33.171.230United States
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Wednesday, June 14, 2017

Botnet Statistics [2017-06-13]

detection period: 2017-06-13 00:00-23:59 UTC
total number of suspected botnet IPs: 903
number of botnet IPs notified to network operators: 845
number of spam blocked: 103968
recipient count of spam blocked: 2197315

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ138
2CMNET108
3WASU66
4VNPT-VNNIC-VN44
5COLOAT26
6JLU-CN23
7UK-RAPIDSWITCH-2009022516
8LSN-DLLSTX-114
9CHINANET-GD14
10CC-1813

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China496
2United States106
3Viet Nam80
4India40
5Russian Federation19
6United Kingdom16
7Brazil14
8Netherlands12
9Indonesia10
10Taiwan9

Suspected Bot List [2017-06-13]

detection period: 2017-06-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 58

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CO190.60.234.186Colombia
IT31.14.140.139Italy
MO116.193.10.34Macau
MO116.193.10.35Macau
PK202.83.163.219Pakistan
RU37.1.5.35Russian Federation
RU37.29.7.122Russian Federation
RU78.25.98.230Russian Federation
RU87.226.213.86Russian Federation
RU90.188.18.74Russian Federation
RU91.122.195.202Russian Federation
RU109.111.189.234Russian Federation
RU176.118.237.85Russian Federation
RU195.98.189.178Russian Federation
RU195.190.124.202Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
TW106.1.195.68Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Tuesday, June 13, 2017

Botnet Statistics [2017-06-12]

detection period: 2017-06-12 00:00-23:59 UTC
total number of suspected botnet IPs: 945
number of botnet IPs notified to network operators: 868
number of spam blocked: 114548
recipient count of spam blocked: 2773334

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ107
2CMNET102
3WASU81
4HSI-432
5VNPT-VNNIC-VN30
6CHINANET-JS25
7JLU-CN22
8CHINANET-GD22
9UK-RAPIDSWITCH-2007041816
10CHINANET-JX16

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China553
2United States114
3Viet Nam66
4United Kingdom23
5Brazil20
6France18
7Russian Federation16
8India11
9Taiwan10
10Indonesia9

Suspected Bot List [2017-06-12]

detection period: 2017-06-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 77

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CO190.60.234.186Colombia
DK217.157.8.180Denmark
ID219.83.84.146Indonesia
IN223.196.86.227India
KW37.34.243.227Kuwait
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.61.49.204Pakistan
PK202.83.163.219Pakistan
PK203.135.54.91Pakistan
PL91.185.189.179Poland
RU37.1.5.35Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU109.194.197.79Russian Federation
RU176.118.237.85Russian Federation
RU178.141.249.246Russian Federation
RU194.79.7.70Russian Federation
RU195.98.189.178Russian Federation
RU212.46.215.107Russian Federation
RU213.221.32.42Russian Federation
SE88.83.40.246Sweden
SG112.140.184.136Singapore
SG112.140.184.139Singapore
TW106.1.195.68Taiwan
US206.125.41.139United States
ZA196.46.23.122South Africa

List from greylisting:

Monday, June 12, 2017

Botnet Statistics [2017-06-11]

detection period: 2017-06-11 00:00-23:59 UTC
total number of suspected botnet IPs: 922
number of botnet IPs notified to network operators: 873
number of spam blocked: 118398
recipient count of spam blocked: 3203698

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1UNICOM-ZJ104
2CMNET100
3WASU89
4VNPT-VNNIC-VN45
5CHINANET-JS33
6VIRTONO-NETWORKS-SRL30
7NDCHOST29
8JLU-CN25
9CHINANET-GD22
10FPT-VN13

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

1China534
2Viet Nam98
3United States61
4Romania35
5Russian Federation18
6Brazil14
7Taiwan13
8United Kingdom13
9Bulgaria13
10Indonesia11

Suspected Bot List [2017-06-11]

detection period: 2017-06-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 49

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry
AE83.110.72.131Arab Emirates
AR181.231.28.20Argentina
CO190.60.234.186Colombia
ID219.83.84.146Indonesia
JO79.173.252.192Jordan
MM103.27.118.146Myanmar
MO116.193.10.34Macau
MO116.193.10.35Macau
MX189.211.198.181Mexico
PK202.61.49.204Pakistan
PL91.185.189.179Poland
RU37.1.5.35Russian Federation
RU37.1.38.108Russian Federation
RU87.226.213.86Russian Federation
RU109.94.95.237Russian Federation
RU109.171.97.88Russian Federation
RU176.118.237.85Russian Federation
RU185.127.25.68Russian Federation
RU195.98.189.178Russian Federation
RU212.46.215.107Russian Federation
TW106.1.195.68Taiwan
US206.125.41.139United States
UY167.57.43.8Uruguay
ZA196.46.23.122South Africa

List from greylisting: