Custom Search

Tuesday, December 31, 2019

Botnet Statistics [2019-12-30]

detection period: 2019-12-30 00:00-23:59 UTC
total number of suspected botnet IPs: 22169
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 21204
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud733
2VNPT-VN599
3Baidu594
4TENCENT-CN541
5HINET-NET419
6KORNET399
7VIETTEL-VN365
8TELKOMNET321
9CHINANET-JS261
1002.558.157/0001-62230

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4944
2United States2109
3Viet Nam1435
4India1171
5Russian Federation1051
6Brazil876
7Indonesia845
8France785
9South Korea591
10Taiwan572

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144547189
22242174
3302236144
4667835301
52332410
622224825
7808020998
8338914323
9222714087
10590114039

Suspected Bot List [2019-12-30]

detection period: 2019-12-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 965

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, December 30, 2019

Botnet Statistics [2019-12-29]

detection period: 2019-12-29 00:00-23:59 UTC
total number of suspected botnet IPs: 20265
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19399
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud730
2Baidu600
3TENCENT-CN539
4KORNET391
5HINET-NET383
6VNPT-VN378
7VIETTEL-VN294
8CHINANET-JS247
9CMNET227
10DO-13216

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4774
2United States2283
3Viet Nam1030
4Russian Federation889
5France810
6India761
7Brazil710
8Indonesia587
9South Korea571
10Taiwan536

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12250446
2667834618
344527211
422225503
52321986
61000019943
7338918923
8222718454
9222215711
10902213695

Suspected Bot List [2019-12-29]

detection period: 2019-12-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 866

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, December 29, 2019

Botnet Statistics [2019-12-28]

detection period: 2019-12-28 00:00-23:59 UTC
total number of suspected botnet IPs: 20405
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19558
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud725
2Baidu610
3TENCENT-CN537
4VNPT-VN465
5KORNET378
6VIETTEL-VN334
7HINET-NET302
8CHINANET-JS249
9TELKOMNET215
10MX-MTSC2-LACNIC212

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4587
2United States2379
3Viet Nam1209
4India968
5Russian Federation955
6France768
7Brazil760
8Indonesia635
9South Korea553
10Mexico498

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12246255
244531235
322226124
4338919620
52317827
6902212009
7238210937
8222210604
9808010041
1028379597

Suspected Bot List [2019-12-28]

detection period: 2019-12-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 847

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, December 28, 2019

Botnet Statistics [2019-12-27]

detection period: 2019-12-27 00:00-23:59 UTC
total number of suspected botnet IPs: 21723
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20832
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN739
2TencentCloud734
3Baidu613
4TENCENT-CN546
5VIETTEL-VN440
6KORNET356
7HINET-NET318
8CHINANET-JS273
9TELKOMNET263
1002.558.157/0001-62219

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4690
2United States2353
3Viet Nam1662
4India1142
5Russian Federation1040
6Brazil853
7France828
8Indonesia816
9South Korea520
10Mexico435

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144545175
22234887
3605334385
422224785
5592221768
62318599
7338915358
8902210263
9222210139
1010469956

Suspected Bot List [2019-12-27]

detection period: 2019-12-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 891

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, December 27, 2019

Botnet Statistics [2019-12-26]

detection period: 2019-12-26 00:00-23:59 UTC
total number of suspected botnet IPs: 20897
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19993
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud749
2Baidu623
3VNPT-VN607
4TENCENT-CN545
5VIETTEL-VN377
6KORNET334
7TELKOMNET286
8HINET-NET262
9CHINANET-JS235
10DO-13216

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4656
2United States2170
3Viet Nam1428
4India1080
5Russian Federation1047
6Indonesia837
7France829
8Brazil829
9South Korea500
10Mexico463

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144548068
22235413
3605329909
4592223544
522220118
62316483
7902210937
823829280
959009171
1010469153

Suspected Bot List [2019-12-26]

detection period: 2019-12-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 904

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, December 26, 2019

Botnet Statistics [2019-12-25]

detection period: 2019-12-25 00:00-23:59 UTC
total number of suspected botnet IPs: 20141
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19338
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud752
2Baidu626
3VNPT-VN616
4TENCENT-CN556
5VIETTEL-VN392
6KORNET371
7HINET-NET259
8CHINANET-JS241
9MX-MTSC2-LACNIC231
10DO-13212

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4642
2United States2163
3Viet Nam1469
4Russian Federation1044
5India930
6France824
7Brazil705
8Indonesia594
9South Korea544
10Mexico443

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12239989
244530792
32318346
422215631
5900011319
6338911288
7902211031
823569640
914339379
10223459318

Suspected Bot List [2019-12-25]

detection period: 2019-12-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 803

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, December 25, 2019

Botnet Statistics [2019-12-24]

detection period: 2019-12-24 00:00-23:59 UTC
total number of suspected botnet IPs: 21256
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20328
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud744
2Baidu643
3VNPT-VN620
4TENCENT-CN570
5KORNET411
6VIETTEL-VN377
7CHINANET-JS263
8TELKOMNET251
9HINET-NET243
10MX-MTSC2-LACNIC228

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4768
2United States2191
3Viet Nam1461
4India1119
5Russian Federation1090
6France848
7Brazil785
8Indonesia710
9South Korea587
10Mexico521

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12237188
244536290
322224372
42314957
5338913540
6900012498
7902212484
8892212481
91232210953
10238210683

Suspected Bot List [2019-12-24]

detection period: 2019-12-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 928

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, December 24, 2019

Botnet Statistics [2019-12-23]

detection period: 2019-12-23 00:00-23:59 UTC
total number of suspected botnet IPs: 24861
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23761
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN834
2TencentCloud760
3Baidu623
4TENCENT-CN561
5VIETTEL-VN544
6KORNET519
7TELKOMNET368
8HINET-NET306
9CHINANET-JS269
1002.558.157/0001-62252

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China5018
2United States2370
3Viet Nam1929
4India1409
5Russian Federation1350
6Indonesia1011
7Brazil1006
8France947
9South Korea711
10Thailand556

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12263971
2302252217
344548202
422230225
5222626318
6143325666
7900022736
8338919141
92941818934
102317727

Suspected Bot List [2019-12-23]

detection period: 2019-12-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1100

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, December 23, 2019

Botnet Statistics [2019-12-22]

detection period: 2019-12-22 00:00-23:59 UTC
total number of suspected botnet IPs: 16648
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15869
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN351
2VIETTEL-VN346
3HINET-NET311
4Baidu298
5KORNET273
6TELKOMNET220
7TencentCloud217
802.558.157/0001-62208
9CHINANET-JS207
10DIGITALOCEAN-12187

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2838
2United States1608
3Russian Federation1145
4Viet Nam1087
5India775
6Brazil751
7Indonesia642
8France588
9South Korea423
10Taiwan404

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
150381044730
27070494310
32287499
444539205
5222530111
622227973
7143325495
8900023860
9222221239
10338918750

Suspected Bot List [2019-12-22]

detection period: 2019-12-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 779

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, December 22, 2019

Botnet Statistics [2019-12-21]

detection period: 2019-12-21 00:00-23:59 UTC
total number of suspected botnet IPs: 17781
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16896
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN582
2VIETTEL-VN365
3HINET-NET315
4TELKOMNET281
5KORNET279
6Baidu260
7TencentCloud240
8CHINANET-JS225
9DIGITALOCEAN-12205
1002.558.157/0001-62195

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2843
2United States1614
3Viet Nam1385
4Russian Federation1132
5India1129
6Brazil805
7Indonesia785
8France573
9Taiwan421
10South Korea408

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
150383042658
270701014891
32271997
444552945
5515143895
6143324630
7900024420
8222524411
922219029
10338918744

Suspected Bot List [2019-12-21]

detection period: 2019-12-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 885

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, December 21, 2019

Botnet Statistics [2019-12-20]

detection period: 2019-12-20 00:00-23:59 UTC
total number of suspected botnet IPs: 18304
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17449
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN805
2VIETTEL-VN460
3TELKOMNET355
4HINET-NET298
5KORNET291
6Baidu260
7TencentCloud246
8VE-CSVE-LACNIC223
902.558.157/0001-62219
10CHINANET-JS197

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2715
2Viet Nam1744
3United States1628
4Russian Federation1168
5India1133
6Indonesia930
7Brazil835
8France554
9Thailand447
10South Korea428

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
122445720662
2503895469
32267719
444566153
5900023524
6143322595
7515120571
8707019845
9338919723
10500019722

Suspected Bot List [2019-12-20]

detection period: 2019-12-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 855

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, December 20, 2019

Botnet Statistics [2019-12-19]

detection period: 2019-12-19 00:00-23:59 UTC
total number of suspected botnet IPs: 13128
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12582
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN275
2KORNET261
3Baidu257
4CHINANET-JS223
5TencentCloud210
6DIGITALOCEAN-12195
7VIETTEL-VN186
8CMNET171
9TENCENT-CN164
10TELKOMNET151

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2726
2United States1559
3India768
4Viet Nam725
5Russian Federation555
6France540
7Indonesia455
8Brazil440
9South Korea380
10Singapore282

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
17070508862
25038231924
35000107375
444574290
5800070937
62264274
72244530322
8338927451
9143324215
10900023076

Suspected Bot List [2019-12-19]

detection period: 2019-12-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 546

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, December 19, 2019

Botnet Statistics [2019-12-18]

detection period: 2019-12-18 00:00-23:59 UTC
total number of suspected botnet IPs: 15247
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14560
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN498
2VIETTEL-VN293
3TencentCloud289
4Baidu274
5TELKOMNET255
6KORNET249
7CHINANET-JS204
8TENCENT-CN198
9DIGITALOCEAN-12197
1002.558.157/0001-62195

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2767
2United States1710
3Viet Nam1135
4India931
5Russian Federation793
6Indonesia731
7Brazil669
8France562
9South Korea364
10Thailand313

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
150382964244
2707069185
32262088
444554880
5143324257
6338921071
7900019076
822218216
9202216840
102313543

Suspected Bot List [2019-12-18]

detection period: 2019-12-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 687

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, December 18, 2019

Botnet Statistics [2019-12-17]

detection period: 2019-12-17 00:00-23:59 UTC
total number of suspected botnet IPs: 18657
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17786
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN647
2TencentCloud442
3VIETTEL-VN366
4TELKOMNET328
5TENCENT-CN323
6Baidu304
7KORNET288
8HINET-NET247
9CHINANET-JS243
10CMNET198

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3388
2United States1926
3Viet Nam1406
4India1116
5Russian Federation1103
6Indonesia864
7Brazil826
8France642
9South Korea428
10Thailand417

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12274990
244560888
3143328423
422227770
5338919757
6222217727
7900015794
82222215211
92314251
10909913306

Suspected Bot List [2019-12-17]

detection period: 2019-12-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 871

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, December 17, 2019

Botnet Statistics [2019-12-16]

detection period: 2019-12-16 00:00-23:59 UTC
total number of suspected botnet IPs: 15098
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14456
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud444
2VNPT-VN383
3TENCENT-CN304
4KORNET301
5Baidu297
6VIETTEL-VN249
7CHINANET-JS215
8TELKOMNET213
9DIGITALOCEAN-12192
10HINET-NET191

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3276
2United States1627
3Viet Nam873
4India778
5Russian Federation746
6France617
7Brazil563
8Indonesia561
9South Korea439
10Singapore318

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12277367
244571434
3143328218
422226148
5222121141
6202218584
72315511
8222215000
92222214050
10302213810

Suspected Bot List [2019-12-16]

detection period: 2019-12-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 642

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, December 16, 2019

Botnet Statistics [2019-12-15]

detection period: 2019-12-15 00:00-23:59 UTC
total number of suspected botnet IPs: 15850
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15148
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud394
2VNPT-VN348
3TENCENT-CN295
4VIETTEL-VN274
5KORNET274
6Baidu264
7HINET-NET238
8TELKOMNET225
9CHINANET-JS206
10DIGITALOCEAN-12194

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3027
2United States1647
3Russian Federation1014
4Viet Nam907
5India741
6Brazil714
7Indonesia613
8France608
9South Korea397
10Taiwan329

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
16600368627
22273437
3503834437
4899933194
544527690
6143327061
722223140
8222215033
9590014973
10338914372

Suspected Bot List [2019-12-15]

detection period: 2019-12-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 702

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, December 15, 2019

Botnet Statistics [2019-12-14]

detection period: 2019-12-14 00:00-23:59 UTC
total number of suspected botnet IPs: 18483
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17613
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN559
2TencentCloud445
3VIETTEL-VN323
4Baidu323
5TENCENT-CN322
6KORNET311
7HINET-NET286
8TELKOMNET261
902.558.157/0001-62244
10CHINANET-JS230

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3539
2United States1847
3Viet Nam1270
4Russian Federation1058
5India1055
6Brazil841
7Indonesia739
8France628
9South Korea463
10Taiwan385

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
16600144913
22284754
344547705
4143330777
522227927
6222219650
72222217212
82232216985
92315248
10338914722

Suspected Bot List [2019-12-14]

detection period: 2019-12-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 870

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, December 14, 2019

Botnet Statistics [2019-12-13]

detection period: 2019-12-13 00:00-23:59 UTC
total number of suspected botnet IPs: 17929
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17125
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN554
2TencentCloud425
3TENCENT-CN353
4VIETTEL-VN324
5Baidu312
6KORNET308
7TELKOMNET291
8HINET-NET275
9CHINANET-JS229
10DIGITALOCEAN-12199

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3457
2United States1893
3Viet Nam1257
4India1121
5Russian Federation977
6Indonesia800
7Brazil751
8France635
9South Korea447
10Thailand391

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12289868
22232261234
344552489
422232697
5143330177
6222222377
7338918351
82317800
92222217240
1082216277

Suspected Bot List [2019-12-13]

detection period: 2019-12-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 804

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, December 13, 2019

Botnet Statistics [2019-12-12]

detection period: 2019-12-12 00:00-23:59 UTC
total number of suspected botnet IPs: 20965
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20077
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN674
2TencentCloud506
3Baidu382
4VIETTEL-VN361
5TENCENT-CN360
6KORNET356
7HINET-NET352
8TELKOMNET348
9CHINANET-JS258
1002.558.157/0001-62219

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4061
2United States1956
3Viet Nam1506
4India1234
5Russian Federation1214
6Indonesia946
7Brazil911
8France734
9South Korea535
10Taiwan429

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
122101289
22232265270
344563120
422242907
5143340646
62325951
7222222615
882221702
9338920960
102222216988

Suspected Bot List [2019-12-12]

detection period: 2019-12-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 888

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, December 12, 2019

Botnet Statistics [2019-12-11]

detection period: 2019-12-11 00:00-23:59 UTC
total number of suspected botnet IPs: 22694
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 21664
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN766
2TencentCloud538
3VIETTEL-VN459
4Baidu398
5TENCENT-CN386
6HINET-NET383
7TELKOMNET372
8KORNET360
902.558.157/0001-62266
10CHINANET-JS249

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4137
2United States2057
3Viet Nam1724
4India1499
5Russian Federation1214
6Brazil1138
7Indonesia965
8France730
9South Korea555
10Taiwan491

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
122110833
2445100743
32232265432
422249747
5503841391
6143332022
72222229733
8338928790
9222225011
102324592

Suspected Bot List [2019-12-11]

detection period: 2019-12-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1030

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, December 11, 2019

Botnet Statistics [2019-12-10]

detection period: 2019-12-10 00:00-23:59 UTC
total number of suspected botnet IPs: 24572
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23469
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN910
2TencentCloud535
3VIETTEL-VN524
4TELKOMNET474
5Baidu429
6TENCENT-CN420
7KORNET394
8HINET-NET357
9CHINANET-JS290
1002.558.157/0001-62285

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4230
2United States2071
3Viet Nam2031
4India1570
5Russian Federation1404
6Brazil1266
7Indonesia1197
8France793
9South Korea585
10Thailand476

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1999156463
222122675
344572160
42232267721
522264131
62222048782
7143336092
8338929845
9222228744
10303028202

Suspected Bot List [2019-12-10]

detection period: 2019-12-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1103

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, December 10, 2019

Botnet Statistics [2019-12-09]

detection period: 2019-12-09 00:00-23:59 UTC
total number of suspected botnet IPs: 26501
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25389
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN1036
2VIETTEL-VN593
3TencentCloud556
4TELKOMNET499
5KORNET452
6TENCENT-CN424
7Baidu418
8HINET-NET369
902.558.157/0001-62287
10CHINANET-JS271

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4472
2Viet Nam2269
3United States2230
4India1688
5Russian Federation1502
6Brazil1430
7Indonesia1264
8France811
9South Korea669
10Thailand667

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1999648671
222128395
3445105924
42232294904
522279938
611044003
7143336018
8338933309
92331056
10222228636

Suspected Bot List [2019-12-09]

detection period: 2019-12-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1112

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, December 9, 2019

Botnet Statistics [2019-12-08]

detection period: 2019-12-08 00:00-23:59 UTC
total number of suspected botnet IPs: 24732
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23672
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN614
2TencentCloud595
3TENCENT-CN458
4KORNET448
5Baidu441
6VIETTEL-VN395
7HINET-NET394
8TELKOMNET339
9CHINANET-JS288
1002.558.157/0001-62284

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4751
2United States2168
3Russian Federation1529
4Viet Nam1468
5Brazil1398
6India1215
7Indonesia890
8France818
9South Korea645
10Thailand542

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1999686229
222137712
322279208
444552458
5503839130
62332301
7338931465
8143330374
9222228088
10590020470