Custom Search

Tuesday, March 31, 2020

Botnet Statistics [2020-03-30]

detection period: 2020-03-30 00:00-23:59 UTC
total number of suspected botnet IPs: 33569
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31906
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1136
2VNPT-VN1112
3Baidu849
4VIETTEL-VN783
5HINET-NET690
6TENCENT-CN655
7DIGITALOCEAN-7471
8TELKOMNET427
9CHINANET-JS390
10DO-13389

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9409
2United States3354
3Viet Nam2541
4Russian Federation1740
5Indonesia1202
6India1006
7France922
8Taiwan887
9Thailand729
10South Korea589

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
15038598336
27070545873
31030448060
41024192886
52048168116
64122117525
7102092653
8402286461
9700084811
1044584612

Suspected Bot List [2020-03-30]

detection period: 2020-03-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1663

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, March 30, 2020

Botnet Statistics [2020-03-29]

detection period: 2020-03-29 00:00-23:59 UTC
total number of suspected botnet IPs: 33573
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32112
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1146
2Baidu871
3TENCENT-CN676
4VNPT-VN659
5HINET-NET589
6VIETTEL-VN543
7DIGITALOCEAN-7475
8CHINANET-JS447
9CHINANET-GD392
10KORNET373

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China11639
2United States3307
3Viet Nam1669
4Russian Federation1644
5India972
6France964
7Indonesia850
8Taiwan796
9South Korea599
10Thailand532

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
150381028373
24122295823
37070199519
41024191536
52048181660
6402297688
7444474736
8777772250
9802259033
102256964

Suspected Bot List [2020-03-29]

detection period: 2020-03-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1461

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, March 29, 2020

Botnet Statistics [2020-03-28]

detection period: 2020-03-28 00:00-23:59 UTC
total number of suspected botnet IPs: 36009
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34493
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1120
2Baidu870
3VNPT-VN838
4TENCENT-CN669
5VIETTEL-VN627
6HINET-NET597
7DIGITALOCEAN-7477
8CHINANET-JS466
9KORNET396
10DO-13374

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China13092
2United States3400
3Viet Nam2039
4Russian Federation1646
5Indonesia1015
6India992
7France956
8Taiwan816
9South Korea648
10Thailand593

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
150381381265
281001239916
31024188372
42048180105
5402284844
6444471598
7777769895
8802257774
92352151
102247502

Suspected Bot List [2020-03-28]

detection period: 2020-03-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1516

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, March 28, 2020

Botnet Statistics [2020-03-27]

detection period: 2020-03-27 00:00-23:59 UTC
total number of suspected botnet IPs: 39521
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 37942
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN1143
2TencentCloud1072
3Baidu848
4VIETTEL-VN778
5HINET-NET658
6TENCENT-CN630
7CHINANET-HN570
8DIGITALOCEAN-7474
9CHINANET-JS474
10TELKOMNET452

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China15085
2United States3376
3Viet Nam2601
4Russian Federation1957
5Indonesia1260
6India1007
7France939
8Taiwan861
9Thailand744
10South Korea641

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181001881429
21024198511
32048180068
45038132930
544589984
6402277582
7444475192
8777769861
92358455
10802257799

Suspected Bot List [2020-03-27]

detection period: 2020-03-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1579

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, March 27, 2020

Botnet Statistics [2020-03-26]

detection period: 2020-03-26 00:00-23:59 UTC
total number of suspected botnet IPs: 34081
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32386
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1096
2VNPT-VN1012
3Baidu884
4VIETTEL-VN782
5HINET-NET653
6TENCENT-CN650
7DIGITALOCEAN-7475
8CHINANET-JS430
9TELKOMNET417
10CHINANET-GD394

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9446
2United States3345
3Viet Nam2474
4Russian Federation1914
5Indonesia1222
6India999
7France964
8Taiwan833
9Thailand747
10Egypt717

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
18100828366
21024183013
32048176734
46004103219
51000087891
644578580
7402271601
8444464852
9777762785
1099357115

Suspected Bot List [2020-03-26]

detection period: 2020-03-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1695

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, March 26, 2020

Botnet Statistics [2020-03-25]

detection period: 2020-03-25 00:00-23:59 UTC
total number of suspected botnet IPs: 34514
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32710
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1122
2VNPT-VN1024
3Baidu906
4VIETTEL-VN787
5TENCENT-CN659
6HINET-NET656
7DIGITALOCEAN-7482
8KORNET414
9CHINANET-JS387
10CHINANET-GD368

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9421
2United States3545
3Viet Nam2472
4Russian Federation1891
5India1004
6France998
7Indonesia972
8Taiwan843
9Thailand741
10Egypt705

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181001919556
21024182807
32048177875
46001138201
5445111334
6888198481
71000080083
8402277300
9777773568
10444463768

Suspected Bot List [2020-03-25]

detection period: 2020-03-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1804

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, March 25, 2020

Botnet Statistics [2020-03-24]

detection period: 2020-03-24 00:00-23:59 UTC
total number of suspected botnet IPs: 35362
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33692
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN1092
2TencentCloud1044
3Baidu821
4VIETTEL-VN820
5HINET-NET723
6TENCENT-CN612
7DIGITALOCEAN-7477
8TELKOMNET469
9KORNET423
10CHINANET-JS397

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China10541
2United States3060
3Viet Nam2534
4Russian Federation2010
5Indonesia1308
6India1195
7Taiwan948
8France924
9Thailand705
10South Korea650

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181002036406
21024206678
32048188925
47000127331
58000120339
64022119588
77070114980
85038106051
9445102549
10500090335

Suspected Bot List [2020-03-24]

detection period: 2020-03-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1670

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, March 24, 2020

Botnet Statistics [2020-03-23]

detection period: 2020-03-23 00:00-23:59 UTC
total number of suspected botnet IPs: 36989
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 35349
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1078
2VNPT-VN1030
3Baidu853
4VIETTEL-VN744
5HINET-NET708
6TENCENT-CN630
7TELKOMNET515
8CHINANET-JS501
9DIGITALOCEAN-7474
10KORNET421

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China11910
2United States3224
3Viet Nam2466
4Russian Federation1970
5Indonesia1365
6India1276
7France961
8Taiwan908
9Thailand774
10Egypt663

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181001993399
23306212696
31024200843
42048185621
5402289498
644587998
7777772137
8802270934
9444467012
102257832

Suspected Bot List [2020-03-23]

detection period: 2020-03-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1640

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, March 23, 2020

Botnet Statistics [2020-03-22]

detection period: 2020-03-22 00:00-23:59 UTC
total number of suspected botnet IPs: 32092
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30549
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1117
2Baidu893
3HINET-NET723
4TENCENT-CN660
5VIETTEL-VN653
6VNPT-VN648
7DIGITALOCEAN-7485
8CHINANET-JS418
9KORNET360
10CHINANET-GD360

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9258
2United States3353
3Viet Nam1801
4Russian Federation1756
5India1005
6France935
7Taiwan911
8Indonesia828
9Egypt581
10South Korea574

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181001984566
21024203074
32048172394
4402286825
5777771337
6802269617
7444465356
844563528
9590057895
102257527

Suspected Bot List [2020-03-22]

detection period: 2020-03-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1543

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, March 22, 2020

Botnet Statistics [2020-03-21]

detection period: 2020-03-21 00:00-23:59 UTC
total number of suspected botnet IPs: 32559
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30876
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1018
2VNPT-VN841
3Baidu795
4HINET-NET760
5VIETTEL-VN708
6TENCENT-CN622
7DIGITALOCEAN-7487
8TELKOMNET417
9CHINANET-JS403
10KORNET400

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7972
2United States3356
3Viet Nam2124
4Russian Federation1833
5India1516
6Indonesia1109
7Taiwan986
8France954
9South Korea632
10Egypt628

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181001946993
21024193011
32048175941
4402282714
544572993
6802269980
7777769222
8444462844
92259092
10232249136

Suspected Bot List [2020-03-21]

detection period: 2020-03-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1683

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, March 21, 2020

Botnet Statistics [2020-03-20]

detection period: 2020-03-20 00:00-23:59 UTC
total number of suspected botnet IPs: 36072
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34312
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1157
2VNPT-VN1123
3Baidu933
4VIETTEL-VN826
5HINET-NET787
6TENCENT-CN681
7TELKOMNET539
8DIGITALOCEAN-7485
9KORNET460
10CHINANET-JS417

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8832
2United States3547
3Viet Nam2594
4Russian Federation2051
5India1710
6Indonesia1390
7Taiwan998
8France980
9Thailand833
10South Korea720

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181001875652
21024194189
32048174035
4232294339
5402286852
644583875
7777772848
8802270648
9444467973
10503864926

Suspected Bot List [2020-03-20]

detection period: 2020-03-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1760

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, March 20, 2020

Botnet Statistics [2020-03-19]

detection period: 2020-03-19 00:00-23:59 UTC
total number of suspected botnet IPs: 36931
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34930
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1158
2VNPT-VN1022
3Baidu963
4HINET-NET823
5VIETTEL-VN784
6TENCENT-CN687
7TELKOMNET577
8KORNET499
9DIGITALOCEAN-7484
10CHINANET-JS411

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8983
2United States3455
3Viet Nam2497
4Russian Federation2126
5India1881
6Indonesia1505
7Taiwan1012
8France972
9Thailand771
10South Korea737

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
16004166016
22048155947
31024126507
4445109918
5232297996
6402288149
7777788106
8802273334
9444471763
10600360569

Suspected Bot List [2020-03-19]

detection period: 2020-03-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2001

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, March 19, 2020

Botnet Statistics [2020-03-18]

detection period: 2020-03-18 00:00-23:59 UTC
total number of suspected botnet IPs: 35272
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33383
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1154
2VNPT-VN1020
3Baidu952
4VIETTEL-VN802
5HINET-NET726
6TENCENT-CN700
7KORNET562
8TELKOMNET524
9DIGITALOCEAN-7487
10DO-13425

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8193
2United States3475
3Viet Nam2481
4Russian Federation1944
5India1766
6Indonesia1339
7France964
8Taiwan927
9South Korea814
10Egypt741

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11024225539
22321224176
32048192652
444585437
5444480259
6777778231
7802273548
8402272269
9590055590
102354415

Suspected Bot List [2020-03-18]

detection period: 2020-03-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1889

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, March 18, 2020

Botnet Statistics [2020-03-17]

detection period: 2020-03-17 00:00-23:59 UTC
total number of suspected botnet IPs: 38556
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 36563
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1173
2VNPT-VN1085
3Baidu1004
4HINET-NET852
5VIETTEL-VN828
6TENCENT-CN704
7TELKOMNET613
8KORNET553
9DIGITALOCEAN-7497
10DO-13417

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9798
2United States3572
3Viet Nam2605
4Russian Federation2043
5India1880
6Indonesia1560
7Taiwan1080
8France1020
9South Korea840
10Thailand809

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
112337905457
212849388726
313619313359
413368253351
513113250363
614643243215
712593238011
81024228344
913106218693
1013873209640

Suspected Bot List [2020-03-17]

detection period: 2020-03-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1993

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, March 17, 2020

Botnet Statistics [2020-03-16]

detection period: 2020-03-16 00:00-23:59 UTC
total number of suspected botnet IPs: 38554
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 36646
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1161
2VNPT-VN1046
3Baidu1022
4VIETTEL-VN782
5HINET-NET740
6TENCENT-CN702
7TELKOMNET559
8DIGITALOCEAN-7495
9KORNET471
10CHINANET-JS471

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China11043
2United States3512
3Viet Nam2482
4Russian Federation1926
5India1787
6Indonesia1442
7France996
8Taiwan938
9South Korea744
10Thailand742

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1123371531898
212849654647
313619530984
413368427944
513113423340
614643408368
712593399665
813106370010
913873352756
1012857337333

Suspected Bot List [2020-03-16]

detection period: 2020-03-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1908

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, March 16, 2020

Botnet Statistics [2020-03-15]

detection period: 2020-03-15 00:00-23:59 UTC
total number of suspected botnet IPs: 33825
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32094
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1217
2Baidu1040
3TENCENT-CN719
4HINET-NET693
5VNPT-VN607
6VIETTEL-VN606
7DIGITALOCEAN-7493
8KORNET490
9DO-13405
10CHINANET-GD399

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8847
2United States3635
3Russian Federation1731
4Viet Nam1699
5India1190
6France1066
7Indonesia1005
8Taiwan952
9South Korea788
10Thailand591

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
112337356076
212849150753
313619121927
42048109619
51336899003
61311398239
71464395419
81259393264
91310686102
101387381651

Suspected Bot List [2020-03-15]

detection period: 2020-03-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1731

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, March 15, 2020

Botnet Statistics [2020-03-14]

detection period: 2020-03-14 00:00-23:59 UTC
total number of suspected botnet IPs: 34491
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32844
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1047
2Baidu888
3VNPT-VN760
4VIETTEL-VN722
5HINET-NET674
6TENCENT-CN635
7KORNET520
8DIGITALOCEAN-7489
9CHINANET-JS467
10DO-13370

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China10438
2United States3370
3Viet Nam2019
4Russian Federation1617
5India1439
6Indonesia1036
7France933
8Taiwan920
9South Korea793
10Thailand575

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144581907
2777778890
3444468945
42255383
5402255367
6338948686
72339002
8852037163
91338928064
10590028059

Suspected Bot List [2020-03-14]

detection period: 2020-03-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1647

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, March 14, 2020

Botnet Statistics [2020-03-13]

detection period: 2020-03-13 00:00-23:59 UTC
total number of suspected botnet IPs: 35961
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34186
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1070
2VNPT-VN926
3Baidu898
4HINET-NET715
5VIETTEL-VN709
6TENCENT-CN667
7DIGITALOCEAN-6527
8KORNET503
9TELKOMNET494
10DIGITALOCEAN-7493

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9709
2United States3656
3Viet Nam2235
4Russian Federation1754
5India1731
6Indonesia1435
7France963
8Taiwan949
9South Korea785
10Thailand776

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
185201167697
2445128418
37777119743
4258073355
5444465844
6338955756
72249418
8800047081
9500046839
10402244091

Suspected Bot List [2020-03-13]

detection period: 2020-03-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1775

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, March 13, 2020

Botnet Statistics [2020-03-12]

detection period: 2020-03-12 00:00-23:59 UTC
total number of suspected botnet IPs: 35029
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33210
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN1180
2TencentCloud1083
3VIETTEL-VN918
4Baidu894
5HINET-NET722
6TENCENT-CN651
7DIGITALOCEAN-6616
8TELKOMNET603
9KORNET465
10CHINANET-JS419

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8169
2United States3300
3Viet Nam2722
4India1889
5Russian Federation1784
6Indonesia1617
7Thailand975
8Taiwan959
9France954
10South Korea716

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
185201355021
22580751743
35038149192
4445124214
57070124156
67000111201
7777779739
83902271414
9444463689
102254476

Suspected Bot List [2020-03-12]

detection period: 2020-03-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1819

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, March 12, 2020

Botnet Statistics [2020-03-11]

detection period: 2020-03-11 00:00-23:59 UTC
total number of suspected botnet IPs: 38417
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 36454
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN1240
2TencentCloud1077
3VIETTEL-VN930
4Baidu873
5HINET-NET745
6TELKOMNET680
7TENCENT-CN656
8DIGITALOCEAN-6622
9KORNET516
10DO-13442

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China10130
2United States3405
3Viet Nam2847
4India1902
5Russian Federation1899
6Indonesia1799
7Thailand1052
8France1002
9Taiwan962
10South Korea772

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12580320696
25038194363
37070192702
43333148592
57000130975
6445128512
78520109730
8777782524
93902274241
10444464945

Suspected Bot List [2020-03-11]

detection period: 2020-03-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1963

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, March 11, 2020

Botnet Statistics [2020-03-10]

detection period: 2020-03-10 00:00-23:59 UTC
total number of suspected botnet IPs: 35942
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34060
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN1087
2TencentCloud1077
3Baidu863
4VIETTEL-VN858
5HINET-NET759
6TENCENT-CN676
7DIGITALOCEAN-6620
8TELKOMNET609
9KORNET500
10CHINANET-JS414

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8830
2United States3334
3Viet Nam2633
4Russian Federation1813
5Indonesia1698
6India1409
7France990
8Taiwan984
9Thailand921
10South Korea746

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
18520590740
22323193573
3445105674
4777783280
5333377649
63902274439
7444466316
8338964789
92254642
10590042333

Suspected Bot List [2020-03-10]

detection period: 2020-03-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1882

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, March 10, 2020

Botnet Statistics [2020-03-09]

detection period: 2020-03-09 00:00-23:59 UTC
total number of suspected botnet IPs: 33225
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31301
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud990
2VNPT-VN966
3VIETTEL-VN810
4Baidu768
5HINET-NET724
6DIGITALOCEAN-6697
7TENCENT-CN637
8TELKOMNET519
9KORNET519
10CHINANET-JS377

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7899
2United States3197
3Viet Nam2376
4Russian Federation1667
5India1493
6Indonesia1406
7Taiwan967
8France941
9Thailand787
10South Korea764

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
15038231838
27070229045
32019132085
47000118162
58000108647
644590043
7777780862
8500078694
93902272755
10338969858

Suspected Bot List [2020-03-09]

detection period: 2020-03-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1924

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, March 9, 2020

Botnet Statistics [2020-03-08]

detection period: 2020-03-08 00:00-23:59 UTC
total number of suspected botnet IPs: 31379
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29831
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud984
2Baidu778
3DIGITALOCEAN-6722
4HINET-NET711
5TENCENT-CN637
6VNPT-VN623
7VIETTEL-VN606
8KORNET484
9CHINANET-JS387
10ALISOFT351

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8128
2United States3343
3Viet Nam1696
4Russian Federation1641
5India1159
6Taiwan981
7Indonesia974
8France951
9South Korea755
10Thailand625

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
140961390985
2404503511
32019334760
4777783125
53902274418
6444465885
744553828
82253268
9338951911
102346338