Custom Search

Wednesday, July 31, 2019

Botnet Statistics [2019-07-30]

detection period: 2019-07-30 00:00-23:59 UTC
total number of suspected botnet IPs: 15956
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15146
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN542
2TencentCloud450
3DO-13435
4Baidu394
5HINET-NET338
6KORNET313
7VNPT-VN196
8GLOBAL-FRAG-NETWORKS183
9CHINANET-JS178
10AT-88-Z178

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3437
2United States2903
3France815
4India573
5Brazil523
6South Korea493
7Viet Nam474
8Russian Federation472
9Indonesia402
10Taiwan387

Suspected Bot List [2019-07-30]

detection period: 2019-07-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 810

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
ES79.146.185.129Spain

List from TCP port scans:

Tuesday, July 30, 2019

Botnet Statistics [2019-07-29]

detection period: 2019-07-29 00:00-23:59 UTC
total number of suspected botnet IPs: 16127
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15311
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN533
2TencentCloud438
3DO-13400
4Baidu399
5KORNET320
6HINET-NET265
7GLOBAL-FRAG-NETWORKS230
8VNPT-VN208
9AT-88-Z189
10CHINANET-GD168

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3478
2United States3012
3France820
4India560
5Viet Nam524
6Brazil517
7South Korea515
8Russian Federation452
9Indonesia432
10Singapore361

Suspected Bot List [2019-07-29]

detection period: 2019-07-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 816

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
CA96.53.66.226Canada

List from TCP port scans:

Monday, July 29, 2019

Botnet Statistics [2019-07-28]

detection period: 2019-07-28 00:00-23:59 UTC
total number of suspected botnet IPs: 15642
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14889
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN532
2TencentCloud429
3Baidu400
4DO-13376
5HINET-NET322
6KORNET310
7AT-88-Z302
8GLOBAL-FRAG-NETWORKS260
9MSFT165
10OVH160

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3414
2United States3065
3France824
4India494
5South Korea491
6Brazil473
7Russian Federation427
8Viet Nam395
9Taiwan372
10Singapore360

Suspected Bot List [2019-07-28]

detection period: 2019-07-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 753

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, July 28, 2019

Botnet Statistics [2019-07-27]

detection period: 2019-07-27 00:00-23:59 UTC
total number of suspected botnet IPs: 17163
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16358
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN525
2GLOBAL-FRAG-NETWORKS481
3TencentCloud441
4Baidu390
5AT-88-Z382
6DO-13380
7KORNET336
8HINET-NET324
9PNAP-06-2001216
10MSFT165

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4090
2United States3294
3France801
4Brazil569
5India555
6South Korea532
7Russian Federation433
8Viet Nam406
9Taiwan383
10Indonesia374

Suspected Bot List [2019-07-27]

detection period: 2019-07-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 805

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
DE116.203.91.122Germany
FR176.130.149.145France
JP133.204.120.3Japan
US18.85.192.253United States

List from TCP port scans:

Saturday, July 27, 2019

Botnet Statistics [2019-07-26]

detection period: 2019-07-26 00:00-23:59 UTC
total number of suspected botnet IPs: 17994
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17063
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN544
2TencentCloud457
3DO-13439
4AT-88-Z394
5Baidu375
6KORNET340
7HINET-NET264
8MSFT193
9OVH191
10VNPT-VN189

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States3711
2China3615
3France947
4India638
5Brazil561
6South Korea539
7Viet Nam486
8Russian Federation486
9Indonesia455
10Singapore378

Suspected Bot List [2019-07-26]

detection period: 2019-07-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 931

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, July 26, 2019

Botnet Statistics [2019-07-25]

detection period: 2019-07-25 00:00-23:59 UTC
total number of suspected botnet IPs: 17658
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16702
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN531
2TencentCloud441
3DO-13434
4Baidu351
5AT-88-Z335
6KORNET316
7HINET-NET306
8PNAP-06-2001237
9OVH195
10VNPT-VN192

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States3685
2China3313
3France957
4India599
5Brazil536
6South Korea513
7Viet Nam480
8Russian Federation469
9Indonesia433
10Germany415

Suspected Bot List [2019-07-25]

detection period: 2019-07-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 956

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
CA51.79.130.164Canada

List from TCP port scans:

Thursday, July 25, 2019

Botnet Statistics [2019-07-24]

detection period: 2019-07-24 00:00-23:59 UTC
total number of suspected botnet IPs: 17900
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16998
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN539
2TencentCloud449
3DO-13425
4GLOBAL-FRAG-NETWORKS403
5Baidu334
6KORNET332
7HINET-NET263
8AT-88-Z261
9VNPT-VN215
10OVH179

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States3954
2China3269
3France939
4India623
5Brazil581
6South Korea532
7Viet Nam516
8Russian Federation484
9Indonesia442
10Germany389

Suspected Bot List [2019-07-24]

detection period: 2019-07-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 903

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
DE116.203.91.122Germany
SN154.124.41.168Senegal
US18.85.192.253United States
US45.35.104.12United States

List from TCP port scans:

Wednesday, July 24, 2019

Botnet Statistics [2019-07-23]

detection period: 2019-07-23 00:00-23:59 UTC
total number of suspected botnet IPs: 13152
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12450
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GLOBAL-FRAG-NETWORKS328
2TENCENT-CN323
3KORNET300
4TencentCloud291
5DO-13254
6VNPT-VN243
7HINET-NET238
8PSYCHZ-NETWORKS210
9Baidu197
10OVH154

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States2433
2China2219
3France700
4Viet Nam544
5India521
6South Korea467
7Brazil460
8Indonesia445
9Russian Federation400
10Singapore270

Suspected Bot List [2019-07-23]

detection period: 2019-07-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 702

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
DO196.3.81.11Dominican Republic
ES88.28.211.226Spain
NG41.203.76.254Nigeria

List from TCP port scans:

Tuesday, July 23, 2019

Botnet Statistics [2019-07-22]

detection period: 2019-07-22 00:00-23:59 UTC
total number of suspected botnet IPs: 14669
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13855
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GLOBAL-FRAG-NETWORKS386
2PSYCHZ-NETWORKS374
3TENCENT-CN331
4TencentCloud305
5KORNET296
6DO-13268
7VNPT-VN264
8HINET-NET209
9Baidu203
10OVH157

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States2960
2China2380
3France722
4India596
5Viet Nam575
6Russian Federation516
7Brazil505
8South Korea475
9Indonesia449
10Singapore285

Suspected Bot List [2019-07-22]

detection period: 2019-07-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 814

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
DO196.3.81.11Dominican Republic
ES88.28.211.226Spain

List from TCP port scans:

Monday, July 22, 2019

Botnet Statistics [2019-07-21]

detection period: 2019-07-21 00:00-23:59 UTC
total number of suspected botnet IPs: 13306
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12613
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1PSYCHZ-NETWORKS376
2KORNET316
3DO-13293
4TENCENT-CN235
5GLOBAL-FRAG-NETWORKS233
6TencentCloud223
7Baidu161
8HINET-NET150
9VNPT-VN147
10OVH147

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States2773
2China2065
3France715
4South Korea503
5Brazil485
6India457
7Russian Federation441
8Viet Nam372
9Indonesia325
10Singapore287

Suspected Bot List [2019-07-21]

detection period: 2019-07-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 693

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
CH51.154.54.2Switzerland

List from TCP port scans:

Sunday, July 21, 2019

Botnet Statistics [2019-07-20]

detection period: 2019-07-20 00:00-23:59 UTC
total number of suspected botnet IPs: 14207
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13422
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GLOBAL-FRAG-NETWORKS423
2KORNET305
3DO-13258
4HINET-NET246
5PSYCHZ-NETWORKS224
6VNPT-VN212
7TencentCloud194
8TENCENT-CN189
9OVH133
10TELKOMNET131

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2273
2United States2136
3France655
4India629
5Brazil614
6Russian Federation605
7Indonesia524
8South Korea502
9Viet Nam484
10Taiwan292

Suspected Bot List [2019-07-20]

detection period: 2019-07-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 785

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
MU196.27.115.50Mauritius
US18.85.192.253United States

List from TCP port scans:

Saturday, July 20, 2019

Botnet Statistics [2019-07-19]

detection period: 2019-07-19 00:00-23:59 UTC
total number of suspected botnet IPs: 14092
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13267
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GLOBAL-FRAG-NETWORKS321
2KORNET302
3VNPT-VN295
4DO-13259
5PSYCHZ-NETWORKS241
6TencentCloud189
7TENCENT-CN187
8TELKOMNET168
9HINET-NET167
10VIETTEL-VN153

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2215
2United States2113
3France688
4Viet Nam624
5India596
6Russian Federation595
7Brazil585
8Indonesia556
9South Korea494
10Thailand280

Suspected Bot List [2019-07-19]

detection period: 2019-07-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 825

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
IT78.13.107.53Italy

List from TCP port scans:

Friday, July 19, 2019

Botnet Statistics [2019-07-18]

detection period: 2019-07-18 00:00-23:59 UTC
total number of suspected botnet IPs: 13336
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12561
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GLOBAL-FRAG-NETWORKS384
2KORNET316
3VNPT-VN282
4DO-13273
5PSYCHZ-NETWORKS245
6TencentCloud193
7TENCENT-CN190
8HINET-NET182
9TELKOMNET161
10VIETTEL-VN140

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States2482
2China1743
3France665
4Viet Nam620
5India614
6Brazil540
7South Korea498
8Russian Federation492
9Indonesia474
10Thailand270

Suspected Bot List [2019-07-18]

detection period: 2019-07-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 775

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
PK103.213.115.249Pakistan

List from TCP port scans:

Thursday, July 18, 2019

Botnet Statistics [2019-07-17]

detection period: 2019-07-17 00:00-23:59 UTC
total number of suspected botnet IPs: 13788
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13010
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GLOBAL-FRAG-NETWORKS440
2KORNET325
3VNPT-VN282
4DO-13255
5PSYCHZ-NETWORKS234
6HINET-NET200
7TENCENT-CN197
8TencentCloud192
9VIETTEL-VN171
10TELKOMNET169

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2239
2United States2112
3France692
4India635
5Viet Nam621
6South Korea529
7Indonesia513
8Brazil503
9Russian Federation489
10Singapore255

Suspected Bot List [2019-07-17]

detection period: 2019-07-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 778

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
PK103.213.115.249Pakistan

List from TCP port scans:

Wednesday, July 17, 2019

Botnet Statistics [2019-07-16]

detection period: 2019-07-16 00:00-23:59 UTC
total number of suspected botnet IPs: 13923
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13144
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1GLOBAL-FRAG-NETWORKS435
2KORNET318
3DO-13267
4HINET-NET235
5VNPT-VN227
6TENCENT-CN208
7TencentCloud201
8TELKOMNET147
9OVH146
10Baidu129

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States2350
2China1937
3France776
4India627
5Brazil595
6Viet Nam512
7South Korea511
8Russian Federation490
9Indonesia481
10Taiwan281

Suspected Bot List [2019-07-16]

detection period: 2019-07-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 779

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, July 16, 2019

Botnet Statistics [2019-07-15]

detection period: 2019-07-15 00:00-23:59 UTC
total number of suspected botnet IPs: 14975
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14294
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1KORNET348
2HINET-NET314
3TENCENT-CN291
4DO-13280
5TencentCloud274
6VNPT-VN271
7GLOBAL-FRAG-NETWORKS230
8Baidu186
9VIETTEL-VN170
10TELKOMNET155

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2532
2United States2198
3France780
4Brazil719
5India686
6Viet Nam637
7South Korea548
8Indonesia530
9Russian Federation476
10Taiwan370

Suspected Bot List [2019-07-15]

detection period: 2019-07-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 681

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, July 15, 2019

Botnet Statistics [2019-07-14]

detection period: 2019-07-14 00:00-23:59 UTC
total number of suspected botnet IPs: 13630
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12956
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN418
2TencentCloud355
3HINET-NET320
4DO-13286
5GLOBAL-FRAG-NETWORKS262
6Baidu237
7KORNET214
8VNPT-VN149
9OVH147
10AT-88-Z138

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2644
2United States2432
3France655
4Brazil563
5India511
6Russian Federation411
7Viet Nam402
8South Korea389
9Taiwan373
10Indonesia373

Suspected Bot List [2019-07-14]

detection period: 2019-07-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 674

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, July 14, 2019

Botnet Statistics [2019-07-13]

detection period: 2019-07-13 00:00-23:59 UTC
total number of suspected botnet IPs: 13464
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12817
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN413
2TencentCloud339
3HINET-NET316
4DO-13273
5GLOBAL-FRAG-NETWORKS235
6Baidu231
7KORNET182
8VNPT-VN171
9OVH141
10DIGITALOCEAN-8125

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2568
2United States2427
3France632
4India556
5Brazil542
6Viet Nam431
7Russian Federation404
8South Korea377
9Indonesia364
10Taiwan355

Suspected Bot List [2019-07-13]

detection period: 2019-07-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 647

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
KR210.115.227.90South Korea
US18.85.192.253United States
ZA156.155.136.254South Africa

List from TCP port scans:

Saturday, July 13, 2019

Botnet Statistics [2019-07-12]

detection period: 2019-07-12 00:00-23:59 UTC
total number of suspected botnet IPs: 14299
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13522
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN416
2TencentCloud340
3DO-13276
4HINET-NET273
5VNPT-VN249
6GLOBAL-FRAG-NETWORKS240
7Baidu235
8KORNET207
9TELKOMNET153
10OVH148

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2818
2United States2307
3France692
4India630
5Brazil584
6Viet Nam548
7Indonesia463
8Russian Federation439
9South Korea390
10Taiwan318

Suspected Bot List [2019-07-12]

detection period: 2019-07-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 777

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
CI213.136.105.61Ivory Coast
IT78.15.82.238Italy
MZ41.76.149.212Mozambique
PL31.11.139.126Poland
ZA156.155.136.254South Africa

List from TCP port scans:

Friday, July 12, 2019

Botnet Statistics [2019-07-11]

detection period: 2019-07-11 00:00-23:59 UTC
total number of suspected botnet IPs: 14634
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13895
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN432
2TencentCloud366
3VNPT-VN300
4DO-13270
5Baidu238
6KORNET197
7HINET-NET174
8VIETTEL-VN171
9OVH148
10TELKOMNET147

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2579
2United States2162
3France678
4Viet Nam674
5India674
6Brazil625
7Russian Federation491
8Indonesia481
9South Korea385
10Thailand282

Suspected Bot List [2019-07-11]

detection period: 2019-07-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 739

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
US18.85.192.253United States

List from TCP port scans:

Thursday, July 11, 2019

Botnet Statistics [2019-07-10]

detection period: 2019-07-10 00:00-23:59 UTC
total number of suspected botnet IPs: 15245
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14357
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN442
2TencentCloud374
3DO-13312
4VNPT-VN263
5Baidu249
6KORNET203
7GLOBAL-FRAG-NETWORKS183
8TELKOMNET179
9HINET-NET163
10OVH156

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2845
2United States2287
3France698
4India674
5Brazil670
6Viet Nam603
7Russian Federation520
8Indonesia508
9South Korea406
10Singapore252

Suspected Bot List [2019-07-10]

detection period: 2019-07-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 888

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
BW168.167.30.244Botswana
ZA156.155.136.254South Africa

List from TCP port scans:

Wednesday, July 10, 2019

Botnet Statistics [2019-07-09]

detection period: 2019-07-09 00:00-23:59 UTC
total number of suspected botnet IPs: 13161
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12477
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN382
2TencentCloud323
3VNPT-VN283
4DO-13281
5Baidu205
6HINET-NET186
7KORNET180
8OVH146
9TELKOMNET138
10DIGITALOCEAN-8134

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2246
2United States2086
3France635
4Viet Nam592
5India585
6Brazil566
7Russian Federation462
8Indonesia436
9South Korea369
10Singapore248

Suspected Bot List [2019-07-09]

detection period: 2019-07-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 684

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, July 9, 2019

Botnet Statistics [2019-07-08]

detection period: 2019-07-08 00:00-23:59 UTC
total number of suspected botnet IPs: 13411
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12746
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN406
2TencentCloud346
3DO-13274
4VNPT-VN257
5Baidu217
6KORNET192
7GLOBAL-FRAG-NETWORKS171
8HINET-NET147
9OVH146
10VIETTEL-VN141

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2569
2United States2193
3France684
4India602
5Viet Nam556
6Brazil534
7Russian Federation424
8Indonesia416
9South Korea383
10Thailand254

Suspected Bot List [2019-07-08]

detection period: 2019-07-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 665

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
ZA156.155.136.254South Africa

List from TCP port scans:

Monday, July 8, 2019

Botnet Statistics [2019-07-07]

detection period: 2019-07-07 00:00-23:59 UTC
total number of suspected botnet IPs: 12384
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 11793
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN402
2TencentCloud360
3DO-13283
4Baidu220
5KORNET177
6HINET-NET168
7GLOBAL-FRAG-NETWORKS158
8OVH145
9VNPT-VN135
10DIGITALOCEAN-8134

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2381
2United States2140
3France643
4Brazil529
5India476
6Russian Federation402
7Viet Nam366
8South Korea362
9Indonesia289
10Singapore252

Suspected Bot List [2019-07-07]

detection period: 2019-07-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 591

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, July 7, 2019

Botnet Statistics [2019-07-06]

detection period: 2019-07-06 00:00-23:59 UTC
total number of suspected botnet IPs: 13489
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12772
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN413
2TencentCloud368
3GLOBAL-FRAG-NETWORKS348
4DO-13292
5Baidu229
6KORNET207
7HINET-NET202
8VNPT-VN187
9VIETTEL-VN151
10OVH151

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2476
2United States2424
3France671
4Brazil580
5India569
6Viet Nam516
7Russian Federation444
8South Korea388
9Indonesia350
10Singapore257

Suspected Bot List [2019-07-06]

detection period: 2019-07-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 717

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
GH197.251.207.20Ghana
NG41.203.76.254Nigeria

List from TCP port scans:

Saturday, July 6, 2019

Botnet Statistics [2019-07-05]

detection period: 2019-07-05 00:00-23:59 UTC
total number of suspected botnet IPs: 12521
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 11885
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN371
2TencentCloud337
3VNPT-VN263
4HINET-NET230
5DO-13228
6Baidu206
7KORNET183
8VIETTEL-VN149
9DIGITALOCEAN-8142
10OVH123

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2428
2United States1817
3India593
4Viet Nam591
5France555
6Brazil502
7Russian Federation493
8Indonesia384
9South Korea358
10Taiwan272

Suspected Bot List [2019-07-05]

detection period: 2019-07-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 636

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
GH197.251.207.20Ghana

List from TCP port scans:

Friday, July 5, 2019

Botnet Statistics [2019-07-04]

detection period: 2019-07-04 00:00-23:59 UTC
total number of suspected botnet IPs: 13414
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12741
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN390
2TencentCloud343
3VNPT-VN291
4DO-13252
5Baidu216
6PSYCHZ-NETWORKS205
7GLOBAL-FRAG-NETWORKS203
8KORNET182
9HINET-NET161
10TELKOMNET135

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2482
2United States2355
3Viet Nam617
4France586
5India562
6Brazil522
7Russian Federation480
8Indonesia455
9South Korea342
10Italy225

Suspected Bot List [2019-07-04]

detection period: 2019-07-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 673

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
BR187.57.158.47Brazil
FR164.177.29.65France
GH197.251.207.20Ghana

List from TCP port scans:

Thursday, July 4, 2019

Botnet Statistics [2019-07-03]

detection period: 2019-07-03 00:00-23:59 UTC
total number of suspected botnet IPs: 13378
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12654
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN390
2TencentCloud344
3PSYCHZ-NETWORKS298
4VNPT-VN265
5DO-13244
6Baidu214
7KORNET188
8HINET-NET188
9DIGITALOCEAN-8144
10GLOBAL-FRAG-NETWORKS138

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States2511
2China2285
3France609
4India606
5Viet Nam599
6Brazil515
7Russian Federation463
8Indonesia435
9South Korea349
10Mexico287

Suspected Bot List [2019-07-03]

detection period: 2019-07-03 00:00-23:59 UTC
number of suspected bots' IPs listed here: 724

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
TN41.231.56.98Tunisia
ZA169.0.86.85South Africa

List from TCP port scans:

Wednesday, July 3, 2019

Botnet Statistics [2019-07-02]

detection period: 2019-07-02 00:00-23:59 UTC
total number of suspected botnet IPs: 13987
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13155
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN405
2TencentCloud346
3VNPT-VN286
4PSYCHZ-NETWORKS284
5DO-13278
6Baidu220
7KORNET197
8HINET-NET195
9DIGITALOCEAN-8152
10TELKOMNET149

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1United States2463
2China2407
3Viet Nam617
4France610
5Brazil554
6India546
7Russian Federation473
8Indonesia447
9South Korea386
10Mexico293