
Saturday, February 29, 2020

Botnet Statistics [2020-02-28]

detection period: 2020-02-28 00:00-23:59 UTC
total number of suspected botnet IPs: 35113
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33213
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

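| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1068 |
| 2 | VNPT-VN | 1066 |
| 3 | VIETTEL-VN | 814 |
| 4 | Baidu | 781 |
| 5 | HINET-NET | 778 |
| 6 | TENCENT-CN | 674 |
| 7 | KORNET | 534 |
| 8 | TELKOMNET | 491 |
| 9 | ALISOFT | 448 |
| 10 | CHINANET-JS | 382 |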

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

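| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7671 |
| 2 | United States | 3027 |
| 3 | Viet Nam | 2588 |
| 4 | India | 1933 |
| 5 | Russian Federation | 1884 |
| 6 | Indonesia | 1348 |
| 7 | Taiwan | 1182 |
| 8 | France | 1003 |
| 9 | South Korea | 826 |
| 10 | Thailand | 789 |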

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12048595661
2404530861
32228965
421132926
5777783758
644580814
73902276990
8444476517
92359715
10590343104

Suspected Bot List [2020-02-28]

detection period: 2020-02-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1900

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Friday, February 28, 2020

Botnet Statistics [2020-02-27]

detection period: 2020-02-27 00:00-23:59 UTC
total number of suspected botnet IPs: 34135
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32359
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

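| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1092 |
| 2 | VNPT-VN | 969 |
| 3 | HINET-NET | 850 |
| 4 | Baidu | 816 |
| 5 | VIETTEL-VN | 744 |
| 6 | TENCENT-CN | 690 |
| 7 | TELKOMNET | 485 |
| 8 | ALISOFT | 447 |
| 9 | KORNET | 424 |
| 10 | CHINANET-JS | 375 |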

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

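| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7782 |
| 2 | United States | 2999 |
| 3 | Viet Nam | 2346 |
| 4 | Russian Federation | 1947 |
| 5 | India | 1771 |
| 6 | Indonesia | 1332 |
| 7 | Taiwan | 1206 |
| 8 | France | 1006 |
| 9 | Thailand | 734 |
| 10 | South Korea | 687 |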

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1404788094
22048594890
321143604
444589698
5777784547
6444474413
7202073659
8503865605
92358356
103902258327

Suspected Bot List [2020-02-27]

detection period: 2020-02-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1856

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Thursday, February 27, 2020

Botnet Statistics [2020-02-26]

detection period: 2020-02-26 00:00-23:59 UTC
total number of suspected botnet IPs: 35388
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33532
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

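| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1147 |
| 2 | TencentCloud | 1088 |
| 3 | VNPT-VN | 1057 |
| 4 | VIETTEL-VN | 924 |
| 5 | Baidu | 832 |
| 6 | TENCENT-CN | 691 |
| 7 | KORNET | 564 |
| 8 | ALISOFT | 486 |
| 9 | TELKOMNET | 455 |
| 10 | CHINANET-JS | 378 |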

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

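| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7745 |
| 2 | United States | 3104 |
| 3 | Viet Nam | 2691 |
| 4 | Russian Federation | 1944 |
| 5 | India | 1857 |
| 6 | Taiwan | 1610 |
| 7 | Indonesia | 1311 |
| 8 | France | 1006 |
| 9 | South Korea | 873 |
| 10 | Thailand | 710 |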

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12048595685
2404202790
321193810
444585956
5202078047
6777774064
7444473767
83902270527
92370135
102251356

Suspected Bot List [2020-02-26]

detection period: 2020-02-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1856

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Wednesday, February 26, 2020

Botnet Statistics [2020-02-25]

detection period: 2020-02-25 00:00-23:59 UTC
total number of suspected botnet IPs: 48342
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 46513
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

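| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1107 |
| 2 | VNPT-VN | 1028 |
| 3 | HINET-NET | 894 |
| 4 | Baidu | 814 |
| 5 | VIETTEL-VN | 805 |
| 6 | CHINANET-JS | 693 |
| 7 | TENCENT-CN | 683 |
| 8 | CHINANET-SN | 590 |
| 9 | CHINANET-JX | 585 |
| 10 | CHINANET-XJ | 543 |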

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

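| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 21578 |
| 2 | United States | 3146 |
| 3 | Viet Nam | 2529 |
| 4 | Russian Federation | 1821 |
| 5 | India | 1736 |
| 6 | Taiwan | 1308 |
| 7 | Indonesia | 1241 |
| 8 | France | 1029 |
| 9 | South Korea | 819 |
| 10 | Thailand | 747 |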

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12048563229
221320811
35038148347
47070139563
57000136714
68000104136
7202078037
8777775028
9444471574
103902270889

Suspected Bot List [2020-02-25]

detection period: 2020-02-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1829

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Tuesday, February 25, 2020

Botnet Statistics [2020-02-24]

detection period: 2020-02-24 00:00-23:59 UTC
total number of suspected botnet IPs: 36473
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34722
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

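| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1164 |
| 2 | TencentCloud | 1119 |
| 3 | Baidu | 880 |
| 4 | VNPT-VN | 861 |
| 5 | TENCENT-CN | 708 |
| 6 | KORNET | 685 |
| 7 | VIETTEL-VN | 670 |
| 8 | ALISOFT | 475 |
| 9 | CHINANET-JS | 426 |
| 10 | CMNET | 372 |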

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

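| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 9721 |
| 2 | United States | 3347 |
| 3 | Viet Nam | 2213 |
| 4 | Russian Federation | 1690 |
| 5 | Taiwan | 1608 |
| 6 | India | 1598 |
| 7 | France | 1176 |
| 8 | Indonesia | 1159 |
| 9 | South Korea | 1024 |
| 10 | Thailand | 641 |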

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1999200895
25038165252
32371839
444559261
5777753096
6999952174
7444451673
82636582
9202036560
102229168

Suspected Bot List [2020-02-24]

detection period: 2020-02-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1751

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Monday, February 24, 2020

Botnet Statistics [2020-02-23]

detection period: 2020-02-23 00:00-23:59 UTC
total number of suspected botnet IPs: 33133
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31620
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

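| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1410 |
| 2 | TencentCloud | 1108 |
| 3 | KORNET | 871 |
| 4 | Baidu | 870 |
| 5 | TENCENT-CN | 710 |
| 6 | VIETTEL-VN | 650 |
| 7 | VNPT-VN | 509 |
| 8 | ALISOFT | 454 |
| 9 | CMNET | 372 |
| 10 | CHINANET-GD | 366 |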

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

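| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7687 |
| 2 | United States | 3522 |
| 3 | Taiwan | 1869 |
| 4 | Viet Nam | 1749 |
| 5 | Russian Federation | 1667 |
| 6 | South Korea | 1215 |
| 7 | France | 1168 |
| 8 | India | 1113 |
| 9 | Indonesia | 808 |
| 10 | Italy | 506 |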

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
15038101851
22381557
3777764895
4444455712
5202036708
62636110
744535270
82235208
9222028615
10707028303

Suspected Bot List [2020-02-23]

detection period: 2020-02-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1513

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Sunday, February 23, 2020

Botnet Statistics [2020-02-22]

detection period: 2020-02-22 00:00-23:59 UTC
total number of suspected botnet IPs: 33256
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31693
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

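| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1186 |
| 2 | TencentCloud | 1064 |
| 3 | Baidu | 824 |
| 4 | KORNET | 776 |
| 5 | VIETTEL-VN | 773 |
| 6 | TENCENT-CN | 662 |
| 7 | VNPT-VN | 661 |
| 8 | ALISOFT | 418 |
| 9 | CHINANET-JS | 350 |
| 10 | CMNET | 349 |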

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

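| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7320 |
| 2 | United States | 3391 |
| 3 | Viet Nam | 2078 |
| 4 | Russian Federation | 1791 |
| 5 | Taiwan | 1581 |
| 6 | India | 1475 |
| 7 | France | 1106 |
| 8 | South Korea | 1087 |
| 9 | Indonesia | 920 |
| 10 | Brazil | 652 |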

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
15038160698
27070144722
38000139596
45000139330
57000138746
62386108
7444475027
844554480
92245709
10202041363

Suspected Bot List [2020-02-22]

detection period: 2020-02-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1563

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Saturday, February 22, 2020

Botnet Statistics [2020-02-21]

detection period: 2020-02-21 00:00-23:59 UTC
total number of suspected botnet IPs: 32561
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30969
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

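| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1068 |
| 2 | HINET-NET | 881 |
| 3 | VNPT-VN | 856 |
| 4 | VIETTEL-VN | 848 |
| 5 | Baidu | 832 |
| 6 | TENCENT-CN | 662 |
| 7 | KORNET | 521 |
| 8 | ALISOFT | 486 |
| 9 | TELKOMNET | 440 |
| 10 | CMNET | 338 |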

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

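| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7120 |
| 2 | United States | 3391 |
| 3 | Viet Nam | 2361 |
| 4 | Russian Federation | 1752 |
| 5 | India | 1431 |
| 6 | Indonesia | 1155 |
| 7 | Taiwan | 1145 |
| 8 | France | 1092 |
| 9 | South Korea | 788 |
| 10 | Thailand | 666 |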

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12395215
2444475274
344561435
4961156
52250641
6202040885
7222040182
822239017
92636428
10143330833

Suspected Bot List [2020-02-21]

detection period: 2020-02-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1592

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Friday, February 21, 2020

Botnet Statistics [2020-02-20]

detection period: 2020-02-20 00:00-23:59 UTC
total number of suspected botnet IPs: 34482
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32690
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

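| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1056 |
| 2 | VNPT-VN | 951 |
| 3 | VIETTEL-VN | 916 |
| 4 | Baidu | 838 |
| 5 | HINET-NET | 817 |
| 6 | KORNET | 689 |
| 7 | TENCENT-CN | 675 |
| 8 | TELKOMNET | 522 |
| 9 | ALISOFT | 470 |
| 10 | 02.558.157/0001-62 | 351 |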

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

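| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7033 |
| 2 | United States | 3418 |
| 3 | Viet Nam | 2566 |
| 4 | India | 1852 |
| 5 | Russian Federation | 1851 |
| 6 | Indonesia | 1353 |
| 7 | France | 1097 |
| 8 | Taiwan | 1058 |
| 9 | South Korea | 1006 |
| 10 | Thailand | 668 |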

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777175613
2204899019
3777778965
42375325
5444475017
6971280
7222068192
844563773
92249398
102638002

Suspected Bot List [2020-02-20]

detection period: 2020-02-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1792

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Thursday, February 20, 2020

Botnet Statistics [2020-02-19]

detection period: 2020-02-19 00:00-23:59 UTC
total number of suspected botnet IPs: 37742
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 35703
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

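| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1106 |
| 2 | VNPT-VN | 1095 |
| 3 | VIETTEL-VN | 979 |
| 4 | TencentCloud | 975 |
| 5 | Baidu | 799 |
| 6 | KORNET | 732 |
| 7 | TENCENT-CN | 616 |
| 8 | TELKOMNET | 531 |
| 9 | ALISOFT | 409 |
| 10 | 02.558.157/0001-62 | 374 |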

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

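| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7220 |
| 2 | United States | 3461 |
| 3 | Viet Nam | 2821 |
| 4 | Russian Federation | 2039 |
| 5 | India | 1966 |
| 6 | Indonesia | 1421 |
| 7 | Taiwan | 1401 |
| 8 | France | 1166 |
| 9 | South Korea | 1059 |
| 10 | Thailand | 847 |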

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777406864
22048182662
32394453
4777790083
544581250
6444475129
7503871687
8138967829
9224263358
103349243

Suspected Bot List [2020-02-19]

detection period: 2020-02-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2039

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Wednesday, February 19, 2020

Botnet Statistics [2020-02-18]

detection period: 2020-02-18 00:00-23:59 UTC
total number of suspected botnet IPs: 35583
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33713
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

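| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1281 |
| 2 | VNPT-VN | 1039 |
| 3 | VIETTEL-VN | 1023 |
| 4 | TencentCloud | 909 |
| 5 | Baidu | 708 |
| 6 | TENCENT-CN | 568 |
| 7 | KORNET | 544 |
| 8 | TELKOMNET | 502 |
| 9 | ALISOFT | 438 |
| 10 | 02.558.157/0001-62 | 380 |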

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

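| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6763 |
| 2 | United States | 3180 |
| 3 | Viet Nam | 2760 |
| 4 | India | 1941 |
| 5 | Russian Federation | 1916 |
| 6 | Taiwan | 1594 |
| 7 | Indonesia | 1338 |
| 8 | France | 1075 |
| 9 | Brazil | 906 |
| 10 | South Korea | 833 |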

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777359390
22048197695
32399038
4777790424
5444475319
644575135
72259462
8222041863
922238634
10143333356

Suspected Bot List [2020-02-18]

detection period: 2020-02-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1870

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Tuesday, February 18, 2020

Botnet Statistics [2020-02-17]

detection period: 2020-02-17 00:00-23:59 UTC
total number of suspected botnet IPs: 34208
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32416
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

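| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1222 |
| 2 | VNPT-VN | 1002 |
| 3 | TencentCloud | 894 |
| 4 | VIETTEL-VN | 885 |
| 5 | Baidu | 715 |
| 6 | TENCENT-CN | 566 |
| 7 | KORNET | 530 |
| 8 | TELKOMNET | 473 |
| 9 | ALISOFT | 409 |
| 10 | 02.558.157/0001-62 | 392 |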

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

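| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6465 |
| 2 | United States | 3186 |
| 3 | Viet Nam | 2547 |
| 4 | India | 1818 |
| 5 | Russian Federation | 1788 |
| 6 | Taiwan | 1509 |
| 7 | Indonesia | 1328 |
| 8 | Brazil | 1173 |
| 9 | France | 1107 |
| 10 | South Korea | 792 |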

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777346678
22048196374
32398800
4777787546
544576189
6444473753
71770067740
82256330
9222040389
1022238813

Suspected Bot List [2020-02-17]

detection period: 2020-02-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1792

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Monday, February 17, 2020

Botnet Statistics [2020-02-16]

detection period: 2020-02-16 00:00-23:59 UTC
total number of suspected botnet IPs: 31243
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29741
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

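| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1197 |
| 2 | TencentCloud | 925 |
| 3 | VIETTEL-VN | 733 |
| 4 | Baidu | 729 |
| 5 | KORNET | 643 |
| 6 | VNPT-VN | 594 |
| 7 | TENCENT-CN | 590 |
| 8 | ALISOFT | 460 |
| 9 | DO-13 | 331 |
| 10 | CMNET | 331 |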

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

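| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6487 |
| 2 | United States | 3239 |
| 3 | Viet Nam | 1840 |
| 4 | Russian Federation | 1728 |
| 5 | Taiwan | 1510 |
| 6 | India | 1254 |
| 7 | France | 1128 |
| 8 | Brazil | 969 |
| 9 | South Korea | 927 |
| 10 | Indonesia | 832 |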

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777357593
22048199307
33874142628
4777790011
52388658
6444475694
72247575
8222040515
922237504
1044537323

Suspected Bot List [2020-02-16]

detection period: 2020-02-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1502

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Sunday, February 16, 2020

Botnet Statistics [2020-02-15]

detection period: 2020-02-15 00:00-23:59 UTC
total number of suspected botnet IPs: 31415
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29900
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

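| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1259 |
| 2 | TencentCloud | 912 |
| 3 | Baidu | 775 |
| 4 | VIETTEL-VN | 716 |
| 5 | VNPT-VN | 715 |
| 6 | TENCENT-CN | 597 |
| 7 | DIGITALOCEAN-6 | 467 |
| 8 | DIGITALOCEAN-7 | 448 |
| 9 | KORNET | 424 |
| 10 | ALISOFT | 393 |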

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

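| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6554 |
| 2 | United States | 3516 |
| 3 | Viet Nam | 2001 |
| 4 | Russian Federation | 1619 |
| 5 | India | 1580 |
| 6 | Taiwan | 1544 |
| 7 | France | 1095 |
| 8 | Indonesia | 974 |
| 9 | Brazil | 740 |
| 10 | South Korea | 698 |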

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777359360
22048203859
32220128993
42393179
5777789623
6444475046
7503860824
844542217
92241903
10338939957

Suspected Bot List [2020-02-15]

detection period: 2020-02-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1515

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Saturday, February 15, 2020

Botnet Statistics [2020-02-14]

detection period: 2020-02-14 00:00-23:59 UTC
total number of suspected botnet IPs: 31892
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30335
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

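| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1036 |
| 2 | VNPT-VN | 992 |
| 3 | VIETTEL-VN | 982 |
| 4 | TencentCloud | 890 |
| 5 | Baidu | 761 |
| 6 | TENCENT-CN | 587 |
| 7 | TELKOMNET | 482 |
| 8 | DIGITALOCEAN-6 | 463 |
| 9 | DIGITALOCEAN-7 | 438 |
| 10 | KORNET | 425 |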

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

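| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6365 |
| 2 | United States | 3373 |
| 3 | Viet Nam | 2578 |
| 4 | Russian Federation | 1686 |
| 5 | India | 1549 |
| 6 | Indonesia | 1319 |
| 7 | Taiwan | 1306 |
| 8 | France | 1016 |
| 9 | Brazil | 844 |
| 10 | Thailand | 807 |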

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777358628
22048281044
32220139696
423103123
544594162
6777790802
7444483992
8338842145
92241474
1022239219

Suspected Bot List [2020-02-14]

detection period: 2020-02-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1557

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Friday, February 14, 2020

Botnet Statistics [2020-02-13]

detection period: 2020-02-13 00:00-23:59 UTC
total number of suspected botnet IPs: 30815
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29269
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

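| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1007 |
| 2 | TencentCloud | 938 |
| 3 | VNPT-VN | 882 |
| 4 | VIETTEL-VN | 827 |
| 5 | Baidu | 778 |
| 6 | TENCENT-CN | 621 |
| 7 | KORNET | 445 |
| 8 | TELKOMNET | 434 |
| 9 | ALISOFT | 365 |
| 10 | 02.558.157/0001-62 | 326 |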

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

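| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6419 |
| 2 | United States | 3090 |
| 3 | Viet Nam | 2349 |
| 4 | Russian Federation | 1517 |
| 5 | India | 1506 |
| 6 | Taiwan | 1266 |
| 7 | Indonesia | 1171 |
| 8 | France | 1022 |
| 9 | Brazil | 802 |
| 10 | South Korea | 667 |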

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777351121
22048323378
32399976
4222095330
5777787808
6800084204
7500075803
844573204
9444472054
10503867384

Suspected Bot List [2020-02-13]

detection period: 2020-02-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1546

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Thursday, February 13, 2020

Botnet Statistics [2020-02-12]

detection period: 2020-02-12 00:00-23:59 UTC
total number of suspected botnet IPs: 31120
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29607
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

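| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1238 |
| 2 | TencentCloud | 950 |
| 3 | VIETTEL-VN | 902 |
| 4 | Baidu | 795 |
| 5 | VNPT-VN | 783 |
| 6 | TENCENT-CN | 626 |
| 7 | KORNET | 475 |
| 8 | TELKOMNET | 382 |
| 9 | ALISOFT | 359 |
| 10 | CHINANET-JS | 309 |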

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

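| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6541 |
| 2 | United States | 3083 |
| 3 | Viet Nam | 2306 |
| 4 | Russian Federation | 1600 |
| 5 | Taiwan | 1505 |
| 6 | India | 1443 |
| 7 | Indonesia | 1057 |
| 8 | France | 1057 |
| 9 | Brazil | 790 |
| 10 | South Korea | 716 |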

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777343515
22048312373
32393656
4222092357
5444474216
644561923
72261505
81000057805
9777749480
10707039184

Suspected Bot List [2020-02-12]

detection period: 2020-02-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1513

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Wednesday, February 12, 2020

Botnet Statistics [2020-02-11]

detection period: 2020-02-11 00:00-23:59 UTC
total number of suspected botnet IPs: 31698
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30187
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

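| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1134 |
| 2 | TencentCloud | 965 |
| 3 | VIETTEL-VN | 838 |
| 4 | Baidu | 814 |
| 5 | VNPT-VN | 797 |
| 6 | TENCENT-CN | 626 |
| 7 | KORNET | 591 |
| 8 | TELKOMNET | 418 |
| 9 | ALISOFT | 361 |
| 10 | CMNET | 319 |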

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

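| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6657 |
| 2 | United States | 3129 |
| 3 | Viet Nam | 2237 |
| 4 | Russian Federation | 1558 |
| 5 | India | 1538 |
| 6 | Taiwan | 1393 |
| 7 | Indonesia | 1124 |
| 8 | France | 1116 |
| 9 | South Korea | 854 |
| 10 | Brazil | 808 |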

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1777359920
22048322935
32220104835
42377048
52212276017
6777775725
71000064487
8444458043
944555885
102253810

Suspected Bot List [2020-02-11]

detection period: 2020-02-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1511

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Tuesday, February 11, 2020

Botnet Statistics [2020-02-10]

detection period: 2020-02-10 00:00-23:59 UTC
total number of suspected botnet IPs: 28783
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27333
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

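| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 1171 |
| 2 | TencentCloud | 865 |
| 3 | VNPT-VN | 787 |
| 4 | Baidu | 756 |
| 5 | VIETTEL-VN | 696 |
| 6 | TENCENT-CN | 571 |
| 7 | TELKOMNET | 434 |
| 8 | ALISOFT | 345 |
| 9 | CMNET | 328 |
| 10 | CHINANET-JS | 315 |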

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 6337
2 | United States | 2849
3 | Viet Nam | 2029
4 | Russian Federation | 1458
5 | India | 1428
6 | Taiwan | 1410
7 | Indonesia | 1199
8 | France | 941
9 | Brazil | 782
10 | South Korea | 516

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 777 | 360753
2 | 2048 | 319946
3 | 2220 | 98465
4 | 445 | 83933
5 | 4444 | 75056
6 | 9005 | 56532
7 | 23 | 55329
8 | 222 | 47565
9 | 22 | 43136
10 | 3389 | 38804

Suspected Bot List [2020-02-10]

detection period: 2020-02-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1450

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Monday, February 10, 2020

Botnet Statistics [2020-02-09]

detection period: 2020-02-09 00:00-23:59 UTC
total number of suspected botnet IPs: 26261
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25086
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | HINET-NET | 1224
2 | TencentCloud | 861
3 | Baidu | 758
4 | TENCENT-CN | 566
5 | VIETTEL-VN | 492
6 | VNPT-VN | 438
7 | CHINANET-JS | 337
8 | ALISOFT | 334
9 | KORNET | 330
10 | CMNET | 303

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 6429
2 | United States | 2960
3 | Taiwan | 1430
4 | Viet Nam | 1369
5 | Russian Federation | 1332
6 | France | 917
7 | India | 871
8 | Indonesia | 687
9 | Brazil | 630
10 | Hong Kong | 577

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 2048 | 319502
2 | 777 | 280379
3 | 2220 | 91779
4 | 4444 | 74817
5 | 23 | 68174
6 | 222 | 56433
7 | 22 | 48818
8 | 445 | 40487
9 | 5901 | 37777
10 | 3389 | 33586

Suspected Bot List [2020-02-09]

detection period: 2020-02-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1175

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Sunday, February 9, 2020

Botnet Statistics [2020-02-08]

detection period: 2020-02-08 00:00-23:59 UTC
total number of suspected botnet IPs: 25493
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24197
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 863
2 | Baidu | 762
3 | TENCENT-CN | 567
4 | VNPT-VN | 549
5 | HINET-NET | 487
6 | VIETTEL-VN | 397
7 | ALISOFT | 354
8 | KORNET | 329
9 | CHINANET-JS | 324
10 | CMNET | 307

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 6099
2 | United States | 2929
3 | Viet Nam | 1421
4 | Russian Federation | 1391
5 | India | 1151
6 | France | 930
7 | Indonesia | 756
8 | Taiwan | 657
9 | Brazil | 644
10 | South Korea | 529

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 2048 | 321083
2 | 2220 | 93231
3 | 4444 | 74940
4 | 777 | 71843
5 | 445 | 69649
6 | 22 | 60569
7 | 222 | 56830
8 | 23 | 41298
9 | 5901 | 38060
10 | 26 | 32977

Suspected Bot List [2020-02-08]

detection period: 2020-02-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1296

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Saturday, February 8, 2020

Botnet Statistics [2020-02-07]

detection period: 2020-02-07 00:00-23:59 UTC
total number of suspected botnet IPs: 27672
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26264
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 865
2 | Baidu | 762
3 | VNPT-VN | 738
4 | TENCENT-CN | 566
5 | HINET-NET | 523
6 | VIETTEL-VN | 480
7 | ALISOFT | 421
8 | TELKOMNET | 382
9 | KORNET | 346
10 | CHINANET-JS | 316

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 6177
2 | United States | 3208
3 | Viet Nam | 1869
4 | Russian Federation | 1460
5 | India | 1374
6 | Indonesia | 1048
7 | France | 977
8 | Taiwan | 697
9 | Brazil | 686
10 | Thailand | 603

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 2048 | 310875
2 | 777 | 279314
3 | 22 | 274012
4 | 2220 | 105522
5 | 445 | 82126
6 | 4444 | 76483
7 | 222 | 56786
8 | 23 | 43332
9 | 26 | 33479
10 | 3389 | 31237

Suspected Bot List [2020-02-07]

detection period: 2020-02-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1408

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code | IP address | Country

List from greylisting:

country code | IP address | Country

List from SSH probes:

country code | IP address | Country

List from TCP port scans:

Friday, February 7, 2020

Botnet Statistics [2020-02-06]

detection period: 2020-02-06 00:00-23:59 UTC
total number of suspected botnet IPs: 29124
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27597
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank | Network | # of suspected botnet IPs
1 | TencentCloud | 899
2 | Baidu | 767
3 | VNPT-VN | 717
4 | TENCENT-CN | 598
5 | VIETTEL-VN | 505
6 | TELKOMNET | 475
7 | HINET-NET | 436
8 | KORNET | 394
9 | ALISOFT | 377
10 | CHINANET-JS | 334

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank | Country/Region | # of suspected botnet IPs
1 | China | 6466
2 | United States | 2976
3 | Viet Nam | 1873
4 | India | 1732
5 | Russian Federation | 1543
6 | Indonesia | 1304
7 | France | 981
8 | Brazil | 710
9 | Thailand | 679
10 | South Korea | 617

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank | TCP port number | # of connection attempts received
1 | 22 | 1657068
2 | 777 | 242658
3 | 2048 | 241229
4 | 2220 | 101124
5 | 445 | 73017
6 | 4444 | 60721
7 | 222 | 53500
8 | 23 | 43005
9 | 3389 | 34813
10 | 26 | 33871