
Saturday, November 30, 2019

Botnet Statistics [2019-11-29]

detection period: 2019-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 19342
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18671
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 722
2 | TENCENT-CN | 594
3 | Baidu | 589
4 | VNPT-VN | 300
5 | KORNET | 286
6 | CHINANET-JS | 280
7 | HINET-NET | 236
8 | DO-13 | 226
9 | VIETTEL-VN | 205
10 | CMNET | 199

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5515
2 | United States | 2177
3 | India | 913
4 | Viet Nam | 754
5 | Russian Federation | 747
6 | France | 733
7 | Brazil | 649
8 | Indonesia | 570
9 | South Korea | 460
10 | Singapore | 379

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 22 | 48206
2 | 445 | 34209
3 | 222 | 24151
4 | 23 | 24039
5 | 1433 | 20131
6 | 3389 | 19136
7 | 26 | 18465
8 | 5288 | 12343
9 | 644 | 10753
10 | 643 | 10304

Suspected Bot List [2019-11-29]

detection period: 2019-11-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 671

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
LK | 112.135.227.245 | Sri Lanka

List from TCP port scans:

Friday, November 29, 2019

Botnet Statistics [2019-11-28]

detection period: 2019-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 21097
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20312
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 748
2 | Baidu | 616
3 | TENCENT-CN | 595
4 | KORNET | 324
5 | VNPT-VN | 320
6 | CHINANET-JS | 286
7 | HINET-NET | 267
8 | VIETTEL-VN | 234
9 | CMNET | 230
10 | DO-13 | 221

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 6252
2 | United States | 2209
3 | India | 953
4 | Viet Nam | 820
5 | Russian Federation | 792
6 | France | 775
7 | Brazil | 651
8 | Indonesia | 614
9 | South Korea | 508
10 | Thailand | 412

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1802254156
2 | 445 | 47995
3 | 22 | 41243
4 | 23 | 28413
5 | 222 | 26618
6 | 1433 | 17677
7 | 26 | 15908
8 | 999 | 10144
9 | 3389 | 9305
10 | 2622 | 9052

Suspected Bot List [2019-11-28]

detection period: 2019-11-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 785

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
EG | 102.185.254.180 | Egypt
KE | 197.237.26.212 | Kenya

List from TCP port scans:

Thursday, November 28, 2019

Botnet Statistics [2019-11-27]

detection period: 2019-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 18701
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17955
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 682
2 | Baidu | 599
3 | TENCENT-CN | 557
4 | VNPT-VN | 312
5 | KORNET | 287
6 | CHINANET-JS | 275
7 | HINET-NET | 232
8 | CMNET | 217
9 | VIETTEL-VN | 211
10 | TELKOMNET | 211

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4834
2 | United States | 1968
3 | India | 887
4 | Viet Nam | 793
5 | Brazil | 727
6 | Russian Federation | 703
7 | France | 697
8 | Indonesia | 548
9 | Thailand | 488
10 | South Korea | 469

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 38623
2 | 22 | 36935
3 | 3129 | 29452
4 | 23 | 26237
5 | 2277 | 22269
6 | 26 | 18208
7 | 1433 | 14302
8 | 222 | 13277
9 | 999 | 9617
10 | 2200 | 7496

Suspected Bot List [2019-11-27]

detection period: 2019-11-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 746

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Wednesday, November 27, 2019

Botnet Statistics [2019-11-26]

detection period: 2019-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 20260
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19510
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 708
2 | Baidu | 598
3 | TENCENT-CN | 564
4 | HINET-NET | 371
5 | VNPT-VN | 333
6 | KORNET | 288
7 | CHINANET-JS | 248
8 | VIETTEL-VN | 230
9 | TELKOMNET | 208
10 | DIGITALOCEAN-12 | 206

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4991
2 | United States | 1940
3 | Brazil | 1039
4 | India | 997
5 | Viet Nam | 853
6 | Russian Federation | 802
7 | Thailand | 760
8 | France | 722
9 | Indonesia | 560
10 | South Korea | 472

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 67662
2 | 22 | 36454
3 | 23 | 30224
4 | 2622 | 27760
5 | 3129 | 22548
6 | 26 | 18050
7 | 1433 | 17539
8 | 32022 | 16238
9 | 2277 | 12508
10 | 999 | 9199

Suspected Bot List [2019-11-26]

detection period: 2019-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 750

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
CA | 51.79.18.171 | Canada
ES | 88.9.204.226 | Spain

List from TCP port scans:

Tuesday, November 26, 2019

Botnet Statistics [2019-11-25]

detection period: 2019-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 20373
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19608
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 726
2 | Baidu | 615
3 | TENCENT-CN | 572
4 | HINET-NET | 408
5 | VNPT-VN | 375
6 | KORNET | 301
7 | CHINANET-JS | 270
8 | TELKOMNET | 248
9 | CMNET | 239
10 | VIETTEL-VN | 236

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5213
2 | United States | 1932
3 | India | 954
4 | Viet Nam | 930
5 | Brazil | 841
6 | Russian Federation | 790
7 | France | 748
8 | Thailand | 739
9 | Indonesia | 660
10 | South Korea | 492

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
14022463946
2 | 445 | 42332
3 | 22 | 35328
4 | 23 | 34823
5 | 10558 | 20000
6 | 26 | 18301
7 | 1433 | 16858
8 | 999 | 11611
9 | 9122 | 10670
10 | 3389 | 7384

Suspected Bot List [2019-11-25]

detection period: 2019-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 765

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
TN | 41.231.56.98 | Tunisia
ZA | 102.132.250.152 | South Africa

List from TCP port scans:

Monday, November 25, 2019

Botnet Statistics [2019-11-24]

detection period: 2019-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 18730
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18049
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 743
2 | Baidu | 632
3 | TENCENT-CN | 600
4 | HINET-NET | 354
5 | KORNET | 324
6 | CMNET | 234
7 | CHINANET-JS | 227
8 | DO-13 | 201
9 | DIGITALOCEAN-12 | 200
10 | VNPT-VN | 195

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5093
2 | United States | 2032
3 | France | 787
4 | Russian Federation | 784
5 | Brazil | 751
6 | India | 692
7 | Viet Nam | 583
8 | South Korea | 519
9 | Thailand | 466
10 | Taiwan | 447

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
14022263774
2 | 445 | 38856
3 | 23 | 30235
4 | 22 | 23999
5 | 5038 | 22897
6 | 999 | 18625
7 | 26 | 17019
8 | 1433 | 12266
9 | 2200 | 9531
10 | 1596 | 8741

Suspected Bot List [2019-11-24]

detection period: 2019-11-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 681

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
ES | 81.39.113.148 | Spain
ES | 150.214.168.161 | Spain
IN | 42.104.97.231 | India

List from TCP port scans:

Sunday, November 24, 2019

Botnet Statistics [2019-11-23]

detection period: 2019-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 21153
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20363
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 753
2 | Baidu | 636
3 | TENCENT-CN | 614
4 | HINET-NET | 465
5 | KORNET | 368
6 | VNPT-VN | 261
7 | CMNET | 244
8 | CHINANET-JS | 238
9 | DO-13 | 221
10 | ACEVILLEPTELTD-SG | 209

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5240
2 | United States | 2102
3 | Brazil | 1100
4 | India | 1028
5 | France | 857
6 | Thailand | 794
7 | Russian Federation | 786
8 | Viet Nam | 720
9 | South Korea | 577
10 | Taiwan | 570

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 21 | 119093
2 | 445 | 61768
3 | 23 | 34368
4 | 22 | 26191
5 | 6666 | 22905
6 | 26 | 18570
7 | 999 | 18419
8 | 2220 | 18071
9 | 1433 | 13427
10 | 10222 | 9362

Suspected Bot List [2019-11-23]

detection period: 2019-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 790

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
GR | 150.140.135.211 | Greece
IN | 42.104.97.242 | India
NG | 41.87.80.26 | Nigeria

List from TCP port scans:

Friday, November 22, 2019

Botnet Statistics [2019-11-21]

detection period: 2019-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 18247
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17549
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 637
2 | Baidu | 595
3 | TENCENT-CN | 545
4 | HINET-NET | 420
5 | VNPT-VN | 314
6 | KORNET | 313
7 | CMNET | 227
8 | DIGITALOCEAN-12 | 206
9 | CHINANET-JS | 204
10 | VIETTEL-VN | 202

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4652
2 | United States | 1931
3 | India | 903
4 | Viet Nam | 810
5 | France | 805
6 | Russian Federation | 692
7 | Brazil | 594
8 | Taiwan | 522
9 | South Korea | 512
10 | Indonesia | 512

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 144554
2 | 23 | 31051
3 | 22 | 27613
4 | 999 | 13994
5 | 2225 | 13887
6 | 2226 | 11707
7 | 26 | 11693
8 | 1433 | 10907
9 | 633 | 7506
10 | 4000 | 7453

Suspected Bot List [2019-11-21]

detection period: 2019-11-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 698

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
IN | 43.241.120.83 | India
TN | 41.231.56.98 | Tunisia

List from TCP port scans:

Thursday, November 21, 2019

Botnet Statistics [2019-11-20]

detection period: 2019-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 19286
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18510
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 658
2 | Baidu | 604
3 | TENCENT-CN | 563
4 | KORNET | 344
5 | VNPT-VN | 328
6 | HINET-NET | 311
7 | CMNET | 249
8 | CHINANET-JS | 243
9 | TELKOMNET | 214
10 | DIGITALOCEAN-12 | 203

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4966
2 | United States | 2033
3 | Viet Nam | 887
4 | India | 865
5 | France | 852
6 | Russian Federation | 784
7 | Brazil | 640
8 | Indonesia | 612
9 | South Korea | 562
10 | Thailand | 424

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 123371
2 | 23 | 38200
3 | 22 | 24265
4 | 999 | 15406
5 | 1433 | 13771
6 | 26 | 12584
7 | 3389 | 9692
8 | 2200 | 8236
9 | 4000 | 7591
10 | 3333 | 6857

Suspected Bot List [2019-11-20]

detection period: 2019-11-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 777

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
ID | 103.219.112.1 | Indonesia
IN | 42.104.97.238 | India
TN | 41.231.5.110 | Tunisia
ZA | 155.93.250.147 | South Africa
ZA | 160.119.142.20 | South Africa

List from TCP port scans:

Wednesday, November 20, 2019

Botnet Statistics [2019-11-19]

detection period: 2019-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 20631
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19852
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-HA | 1039
2 | TencentCloud | 589
3 | Baidu | 566
4 | TENCENT-CN | 532
5 | VNPT-VN | 355
6 | KORNET | 311
7 | HINET-NET | 292
8 | CMNET | 254
9 | CHINANET-JS | 231
10 | CHINANET-GD | 231

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5895
2 | United States | 1926
3 | Brazil | 1030
4 | Viet Nam | 916
5 | India | 896
6 | Russian Federation | 776
7 | France | 747
8 | Thailand | 632
9 | Indonesia | 582
10 | South Korea | 515

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 23 | 53516
2 | 445 | 48584
3 | 22 | 32200
4 | 1433 | 17436
5 | 26 | 16707
6 | 3333 | 8592
7 | 7001 | 7974
8 | 3389 | 7930
9 | 8888 | 7671
10 | 2224 | 7313

Suspected Bot List [2019-11-19]

detection period: 2019-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 715

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
MX | 189.232.105.10 | Mexico

List from TCP port scans:

Tuesday, November 19, 2019

Botnet Statistics [2019-11-18]

detection period: 2019-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 21907
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 21192
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-HA | 1248
2 | TencentCloud | 586
3 | Baidu | 560
4 | TENCENT-CN | 532
5 | VNPT-VN | 358
6 | HINET-NET | 356
7 | KORNET | 300
8 | VIETTEL-VN | 254
9 | TELKOMNET | 237
10 | CMNET | 222

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5997
2 | United States | 1915
3 | Brazil | 1345
4 | India | 978
5 | Viet Nam | 964
6 | Russian Federation | 825
7 | Thailand | 781
8 | France | 719
9 | Indonesia | 639
10 | South Korea | 507

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 157353
2 | 23 | 59390
3 | 22 | 23102
4 | 1433 | 20692
5 | 1122 | 14916
6 | 22622 | 12741
7 | 2277 | 12195
8 | 26 | 11878
9 | 22322 | 8543
10 | 3389 | 6913

Suspected Bot List [2019-11-18]

detection period: 2019-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 715

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Monday, November 18, 2019

Botnet Statistics [2019-11-17]

detection period: 2019-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 19459
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18825
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-HA | 1093
2 | TencentCloud | 609
3 | Baidu | 583
4 | TENCENT-CN | 541
5 | HINET-NET | 379
6 | KORNET | 299
7 | CHINANET-JS | 229
8 | CMNET | 213
9 | VNPT-VN | 211
10 | DIGITALOCEAN-12 | 205

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5707
2 | United States | 1969
3 | Brazil | 1053
4 | France | 766
5 | Russian Federation | 701
6 | India | 698
7 | Thailand | 688
8 | Viet Nam | 625
9 | South Korea | 492
10 | Taiwan | 466

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 282847
2 | 23 | 50504
3 | 22 | 21767
4 | 10021 | 13319
5 | 1433 | 10817
6 | 26 | 10018
7 | 2224 | 9072
8 | 2223 | 8531
9 | 2290 | 7487
10 | 2200 | 6928

Suspected Bot List [2019-11-17]

detection period: 2019-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 634

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
NG | 41.87.80.26 | Nigeria
UNKNOWN | 185.254.120.41 | UNKNOWN
ZA | 155.93.250.147 | South Africa

List from TCP port scans:

Sunday, November 17, 2019

Botnet Statistics [2019-11-16]

detection period: 2019-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 18135
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17409
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 590
2 | Baidu | 587
3 | TENCENT-CN | 538
4 | UNICOM-HA | 462
5 | HINET-NET | 452
6 | KORNET | 303
7 | VNPT-VN | 246
8 | CMNET | 226
9 | CHINANET-JS | 210
10 | DIGITALOCEAN-12 | 204

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4978
2 | United States | 1992
3 | Brazil | 734
4 | India | 731
5 | France | 727
6 | Russian Federation | 649
7 | Viet Nam | 633
8 | Taiwan | 559
9 | South Korea | 491
10 | Indonesia | 404

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 340719
2 | 23 | 37304
3 | 22 | 29472
4 | 1433 | 14249
5 | 20 | 11571
6 | 26 | 8409
7 | 3389 | 7175
8 | 2200 | 7167
9 | 221 | 6574
10 | 632 | 6224

Suspected Bot List [2019-11-16]

detection period: 2019-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 726

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
ID | 202.162.220.202 | Indonesia
NG | 196.45.48.48 | Nigeria

List from TCP port scans:

Saturday, November 16, 2019

Botnet Statistics [2019-11-15]

detection period: 2019-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 18092
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17410
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 596
2 | Baidu | 593
3 | TENCENT-CN | 535
4 | HINET-NET | 330
5 | VNPT-VN | 295
6 | KORNET | 289
7 | CMNET | 266
8 | CHINANET-JS | 232
9 | CHINANET-GD | 218
10 | UNICOM-HA | 214

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5156
2 | United States | 2057
3 | India | 772
4 | France | 709
5 | Russian Federation | 701
6 | Viet Nam | 680
7 | Indonesia | 527
8 | South Korea | 468
9 | Taiwan | 438
10 | Brazil | 436

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 372392
2 | 23 | 29187
3 | 22 | 27229
4 | 1433 | 10453
5 | 2212 | 9992
6 | 26 | 9614
7 | 2200 | 8967
8 | 3389 | 8221
9 | 632 | 7234
10 | 633 | 6662

Suspected Bot List [2019-11-15]

detection period: 2019-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 682

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
UNKNOWN | 185.254.120.41 | UNKNOWN
ZA | 160.119.141.196 | South Africa

List from TCP port scans:

Friday, November 15, 2019

Botnet Statistics [2019-11-14]

detection period: 2019-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 18861
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18150
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 609
2 | Baidu | 606
3 | TENCENT-CN | 543
4 | HINET-NET | 391
5 | UNICOM-HA | 385
6 | VNPT-VN | 326
7 | KORNET | 303
8 | CMNET | 238
9 | VIETTEL-VN | 228
10 | CHINANET-JS | 219

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5164
2 | United States | 1990
3 | India | 848
4 | Russian Federation | 775
5 | Viet Nam | 752
6 | France | 736
7 | Brazil | 618
8 | Indonesia | 543
9 | South Korea | 495
10 | Taiwan | 482

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 23 | 38736
2 | 445 | 37875
3 | 22 | 35219
4 | 21 | 28672
5 | 123 | 18710
6 | 3389 | 13201
7 | 26 | 13060
8 | 223 | 12865
9 | 1433 | 11417
10 | 220 | 11185

Suspected Bot List [2019-11-14]

detection period: 2019-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 711

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
ES | 79.158.108.108 | Spain
IN | 42.104.97.231 | India

List from TCP port scans:

Thursday, November 14, 2019

Botnet Statistics [2019-11-13]

detection period: 2019-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 20187
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19463
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-HA | 1297
2 | Baidu | 619
3 | TencentCloud | 612
4 | TENCENT-CN | 552
5 | HINET-NET | 512
6 | KORNET | 310
7 | VNPT-VN | 303
8 | VIETTEL-VN | 255
9 | CMNET | 231
10 | CHINANET-JS | 208

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 6188
2 | United States | 1985
3 | India | 853
4 | Viet Nam | 796
5 | France | 772
6 | Russian Federation | 749
7 | Brazil | 662
8 | Taiwan | 615
9 | Indonesia | 525
10 | South Korea | 490

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 123 | 67211
2 | 23 | 44514
3 | 22 | 38930
4 | 445 | 27141
5 | 1433 | 13455
6 | 2280 | 11767
7 | 2200 | 9120
8 | 1597 | 7850
9 | 635 | 7671
10 | 1599 | 7629

Suspected Bot List [2019-11-13]

detection period: 2019-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 724

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
ES | 88.1.126.116 | Spain
NG | 41.87.80.26 | Nigeria
UNKNOWN | 185.254.120.41 | UNKNOWN
UNKNOWN | 185.254.120.45 | UNKNOWN

List from TCP port scans:

Wednesday, November 13, 2019

Botnet Statistics [2019-11-12]

detection period: 2019-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 20775
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20051
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | UNICOM-HA | 2462
2 | Baidu | 643
3 | TencentCloud | 624
4 | TENCENT-CN | 585
5 | KORNET | 339
6 | VNPT-VN | 314
7 | CMNET | 262
8 | HINET-NET | 257
9 | CHINANET-JS | 231
10 | TELKOMNET | 218

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 7373
2 | United States | 2065
3 | France | 805
4 | Viet Nam | 722
5 | Russian Federation | 692
6 | India | 678
7 | Brazil | 616
8 | Indonesia | 551
9 | South Korea | 520
10 | Singapore | 360

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 123 | 67541
2 | 23 | 46377
3 | 22 | 40050
4 | 445 | 35547
5 | 2200 | 9756
6 | 1433 | 9242
7 | 635 | 8601
8 | 1599 | 8151
9 | 2211 | 7905
10 | 633 | 7679

Suspected Bot List [2019-11-12]

detection period: 2019-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 724

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Tuesday, November 12, 2019

Botnet Statistics [2019-11-11]

detection period: 2019-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 19438
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18683
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 678
2 | TencentCloud | 667
3 | TENCENT-CN | 626
4 | KORNET | 346
5 | CMNET | 286
6 | HINET-NET | 284
7 | VNPT-VN | 278
8 | DIGITALOCEAN-12 | 245
9 | DO-13 | 237
10 | CHINANET-JS | 237

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 5349
2 | United States | 2351
3 | France | 858
4 | India | 781
5 | Russian Federation | 770
6 | Viet Nam | 726
7 | Indonesia | 567
8 | South Korea | 540
9 | Brazil | 478
10 | Singapore | 370

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 123 | 77251
2 | 23 | 41227
3 | 445 | 39512
4 | 22 | 34087
5 | 2200 | 13474
6 | 1433 | 12816
7 | 3389 | 10609
8 | 1599 | 9217
9 | 634 | 9208
10 | 635 | 8947

Suspected Bot List [2019-11-11]

detection period: 2019-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 755

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
TN | 41.226.0.114 | Tunisia

List from TCP port scans:

Monday, November 11, 2019

Botnet Statistics [2019-11-10]

detection period: 2019-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 16464
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15824
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 667
2 | TencentCloud | 633
3 | TENCENT-CN | 618
4 | KORNET | 336
5 | CMNET | 262
6 | HINET-NET | 234
7 | DO-13 | 222
8 | DIGITALOCEAN-12 | 215
9 | CHINANET-JS | 204
10 | OVH | 177

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4833
2 | United States | 2051
3 | France | 812
4 | Russian Federation | 652
5 | South Korea | 510
6 | India | 501
7 | Viet Nam | 452
8 | Brazil | 413
9 | Indonesia | 390
10 | Singapore | 341

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 88661
2 | 23 | 28893
3 | 123 | 28000
4 | 22 | 24040
5 | 2200 | 15883
6 | 1433 | 10856
7 | 3389 | 9573
8 | 2202 | 7915
9 | 5900 | 6348
10 | 1000 | 5925

Suspected Bot List [2019-11-10]

detection period: 2019-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 640

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
UNKNOWN | 185.254.120.41 | UNKNOWN
ZA | 196.24.44.6 | South Africa

List from TCP port scans:

Sunday, November 10, 2019

Botnet Statistics [2019-11-09]

detection period: 2019-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 16900
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16214
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 681
2 | TencentCloud | 665
3 | TENCENT-CN | 625
4 | KORNET | 313
5 | CMNET | 269
6 | DO-13 | 253
7 | DIGITALOCEAN-12 | 229
8 | CHINANET-JS | 192
9 | VNPT-VN | 188
10 | OVH | 183

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4846
2 | United States | 2154
3 | France | 869
4 | Russian Federation | 630
5 | India | 627
6 | Viet Nam | 521
7 | South Korea | 496
8 | Brazil | 423
9 | Indonesia | 382
10 | Singapore | 342

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 47860
2 | 23 | 29111
3 | 5900 | 24063
4 | 22 | 18997
5 | 2022 | 11907
6 | 1433 | 10400
7 | 3389 | 8139
8 | 30022 | 8007
9 | 9000 | 7875
10 | 3989 | 7234

Suspected Bot List [2019-11-09]

detection period: 2019-11-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 686

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
KE | 197.248.100.50 | Kenya

List from TCP port scans:

Saturday, November 9, 2019

Botnet Statistics [2019-11-08]

detection period: 2019-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 16869
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16220
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 620
2 | TencentCloud | 610
3 | TENCENT-CN | 593
4 | KORNET | 323
5 | DO-13 | 287
6 | CMNET | 260
7 | VNPT-VN | 221
8 | DIGITALOCEAN-12 | 220
9 | HINET-NET | 197
10 | ALISOFT | 194

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4778
2 | United States | 2117
3 | France | 790
4 | India | 672
5 | Russian Federation | 628
6 | Viet Nam | 583
7 | South Korea | 514
8 | Brazil | 492
9 | Indonesia | 478
10 | Singapore | 338

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 45881
2 | 22 | 21267
3 | 23 | 18542
4 | 9000 | 13129
5 | 1433 | 8850
6 | 3389 | 8267
7 | 2022 | 7452
8 | 5900 | 7281
9 | 22222 | 6264
10 | 1000 | 5612

Suspected Bot List [2019-11-08]

detection period: 2019-11-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 649

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Friday, November 8, 2019

Botnet Statistics [2019-11-07]

detection period: 2019-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 17316
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16680
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 634
2 | TencentCloud | 600
3 | TENCENT-CN | 592
4 | KORNET | 350
5 | DO-13 | 283
6 | VNPT-VN | 248
7 | CMNET | 242
8 | HINET-NET | 225
9 | DIGITALOCEAN-12 | 208
10 | ALISOFT | 202

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4815
2 | United States | 2099
3 | France | 827
4 | India | 699
5 | Russian Federation | 692
6 | Viet Nam | 645
7 | South Korea | 524
8 | Indonesia | 507
9 | Brazil | 487
10 | Singapore | 321

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 445 | 37974
2 | 22222 | 30299
3 | 23 | 21437
4 | 22 | 19986
5 | 22011 | 14317
6 | 9000 | 10158
7 | 1433 | 10006
8 | 3389 | 9604
9 | 999 | 7733
10 | 990 | 7165

Suspected Bot List [2019-11-07]

detection period: 2019-11-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 636

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country
KR | 203.237.114.108 | South Korea
MX | 189.232.63.153 | Mexico

List from TCP port scans:

Thursday, November 7, 2019

Botnet Statistics [2019-11-06]

detection period: 2019-11-06 00:00-23:59 UTC
total number of suspected botnet IPs: 17547
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16900
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | Baidu | 626
2 | TencentCloud | 606
3 | TENCENT-CN | 599
4 | KORNET | 334
5 | DO-13 | 270
6 | VNPT-VN | 267
7 | CMNET | 240
8 | DIGITALOCEAN-12 | 219
9 | HINET-NET | 213
10 | AT-88-Z | 207

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 4685
2 | United States | 2390
3 | France | 827
4 | India | 712
5 | Russian Federation | 695
6 | Viet Nam | 683
7 | Brazil | 530
8 | South Korea | 509
9 | Indonesia | 509
10 | Singapore | 322

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 3022 | 35565
2 | 5038 | 27832
3 | 22 | 18423
4 | 23 | 18069
5 | 445 | 15204
6 | 222 | 10152
7 | 9000 | 9939
8 | 3389 | 8812
9 | 1433 | 8594
10 | 1000 | 8337