Custom Search

Tuesday, June 30, 2020

Botnet Statistics [2020-06-29]

detection period: 2020-06-29 00:00-23:59 UTC
total number of suspected botnet IPs: 33657
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31482
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1448
2VNPT-VN1092
3Baidu1046
4TENCENT-CN776
5HINET-NET618
6DIGITALOCEAN-192-241-128-0587
7VIETTEL-VN569
8ALISOFT461
9CHINANET-GD373
10CMNET354

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8622
2United States3915
3Viet Nam2228
4Brazil1785
5Russian Federation1469
6India1416
7Indonesia957
8France951
9Taiwan789
10Thailand766

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445178256
2383891743
3272791215
4282890825
5393985301
6220770144
72252270
82345661
9143344224
10228341289

Suspected Bot List [2020-06-29]

detection period: 2020-06-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2175

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, June 29, 2020

Botnet Statistics [2020-06-28]

detection period: 2020-06-28 00:00-23:59 UTC
total number of suspected botnet IPs: 26215
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24961
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1315
2Baidu939
3TENCENT-CN693
4DIGITALOCEAN-192-241-128-0581
5VNPT-VN524
6HINET-NET496
7ALISOFT382
8CHINANET-JS347
9VIETTEL-VN346
10CHINANET-GD335

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7718
2United States3304
3Viet Nam1261
4Russian Federation1253
5Brazil1168
6India912
7France836
8Taiwan666
9Indonesia613
10South Korea467

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445152725
2373787609
3363684090
4191979322
5220769510
6343466294
7181864459
8228055276
9242454461
10143353335

Suspected Bot List [2020-06-28]

detection period: 2020-06-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1254

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, June 28, 2020

Botnet Statistics [2020-06-27]

detection period: 2020-06-27 00:00-23:59 UTC
total number of suspected botnet IPs: 29178
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27851
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1326
2Baidu946
3VNPT-VN735
4TENCENT-CN690
5HINET-NET669
6DIGITALOCEAN-192-241-128-0602
7VIETTEL-VN410
8ALISOFT378
9CHINANET-JS347
10CHINANET-GD335

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7942
2United States3756
3Viet Nam1633
4Brazil1498
5India1437
6Russian Federation1271
7France854
8Taiwan826
9Indonesia689
10Thailand568

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445195021
2171793877
3323286708
4161681943
5143373157
6220772358
72354762
82248098
92200743828
10242434713

Suspected Bot List [2020-06-27]

detection period: 2020-06-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1327

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, June 27, 2020

Botnet Statistics [2020-06-26]

detection period: 2020-06-26 00:00-23:59 UTC
total number of suspected botnet IPs: 28929
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27524
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1296
2Baidu957
3VNPT-VN955
4TENCENT-CN698
5VIETTEL-VN516
6HINET-NET442
7DIGITALOCEAN-192-241-128-0411
8ALISOFT392
9VE-CSVE-LACNIC373
10CHINANET-GD336

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7734
2United States3744
3Viet Nam2000
4Brazil1434
5Russian Federation1316
6India1270
7Indonesia856
8France844
9Taiwan595
10Thailand504

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445258856
22207165205
31414111992
4990296881
5151591404
62254928
7143354687
811050188
9848435417
10942235312

Suspected Bot List [2020-06-26]

detection period: 2020-06-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1405

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, June 26, 2020

Botnet Statistics [2020-06-25]

detection period: 2020-06-25 00:00-23:59 UTC
total number of suspected botnet IPs: 29818
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28431
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1310
2VNPT-VN976
3Baidu955
4TENCENT-CN709
5VIETTEL-VN526
6HINET-NET426
7DIGITALOCEAN-192-241-128-0412
8ALISOFT381
9MSFT338
10TELKOMNET313

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7670
2United States3945
3Viet Nam2087
4Brazil1504
5India1453
6Russian Federation1347
7Indonesia892
8France850
9Thailand599
10Taiwan566

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445209087
2131395211
3220758244
42256990
5143356939
6712251108
7273649025
8199448469
9225948458
10492446046

Suspected Bot List [2020-06-25]

detection period: 2020-06-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1387

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, June 25, 2020

Botnet Statistics [2020-06-24]

detection period: 2020-06-24 00:00-23:59 UTC
total number of suspected botnet IPs: 30293
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28875
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1351
2VNPT-VN964
3Baidu949
4DIGITALOCEAN-192-241-128-0787
5TENCENT-CN716
6VIETTEL-VN561
7CHINANET-JS439
8ALISOFT411
9HINET-NET393
10CHINANET-GD337

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8141
2United States4056
3Viet Nam2142
4Brazil1508
5India1387
6Russian Federation1226
7Indonesia894
8France869
9Thailand596
10Taiwan544

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445463582
2654112004
32257485
4143352921
52345267
6656533978
7123433863
8632232547
9682232309
10592231577

Suspected Bot List [2020-06-24]

detection period: 2020-06-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1418

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, June 24, 2020

Botnet Statistics [2020-06-23]

detection period: 2020-06-23 00:00-23:59 UTC
total number of suspected botnet IPs: 31659
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30196
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1310
2VNPT-VN980
3Baidu971
4TENCENT-CN715
5DIGITALOCEAN-192-241-128-0699
6VIETTEL-VN505
7CHINANET-JS471
8ALISOFT467
9HINET-NET460
10CMNET372

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8470
2United States4013
3Viet Nam2089
4Brazil1598
5India1596
6Russian Federation1438
7Indonesia911
8France866
9Thailand681
10Taiwan599

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11900497323
2445245606
37007200555
47006200158
57009200093
67014198550
77012195178
87003194797
97008194514
107004193572

Suspected Bot List [2020-06-23]

detection period: 2020-06-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1463

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, June 23, 2020

Botnet Statistics [2020-06-22]

detection period: 2020-06-22 00:00-23:59 UTC
total number of suspected botnet IPs: 31890
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30409
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1391
2VNPT-VN1207
3Baidu1018
4TENCENT-CN747
5VIETTEL-VN566
6HINET-NET517
7CHINANET-JS447
8DIGITALOCEAN-162-243-0-0430
9ALISOFT417
10CHINANET-GD384

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8350
2United States3773
3Viet Nam2408
4Russian Federation1636
5India1456
6Brazil1421
7Indonesia1015
8France892
9Taiwan658
10Thailand606

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445340084
2999112096
32255844
4143350175
566636096
6252535714
7223235344
8494933671
92333087
10338932684

Suspected Bot List [2020-06-22]

detection period: 2020-06-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1481

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, June 22, 2020

Botnet Statistics [2020-06-21]

detection period: 2020-06-21 00:00-23:59 UTC
total number of suspected botnet IPs: 29279
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27941
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1372
2Baidu1043
3TENCENT-CN763
4VNPT-VN690
5CHINANET-JS473
6HINET-NET457
7ALISOFT454
8DIGITALOCEAN-162-243-0-0451
9VIETTEL-VN386
10CHINANET-GD374

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8417
2United States3547
3Viet Nam1620
4Russian Federation1561
5Brazil1275
6India1026
7France915
8Indonesia685
9Taiwan600
10South Korea469

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445135945
288896891
344455483
42251828
566641406
66235748
7143335728
852235424
932233810
102333775

Suspected Bot List [2020-06-21]

detection period: 2020-06-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1338

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, June 21, 2020

Botnet Statistics [2020-06-20]

detection period: 2020-06-20 00:00-23:59 UTC
total number of suspected botnet IPs: 28359
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26970
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1184
2Baidu933
3VNPT-VN888
4TENCENT-CN633
5HINET-NET500
6CHINANET-JS492
7VIETTEL-VN475
8DIGITALOCEAN-162-243-0-0451
9VE-CSVE-LACNIC374
10ALISOFT367

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7687
2United States3007
3Viet Nam1983
4India1457
5Russian Federation1442
6Brazil1229
7France821
8Indonesia793
9Taiwan634
10South Korea480

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445230873
277771870
344459047
42250837
566647304
62347174
7338937880
8848435192
9929234356
1033333332

Suspected Bot List [2020-06-20]

detection period: 2020-06-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1389

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, June 20, 2020

Botnet Statistics [2020-06-19]

detection period: 2020-06-19 00:00-23:59 UTC
total number of suspected botnet IPs: 30700
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29174
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1237
2VNPT-VN1234
3Baidu924
4TENCENT-CN653
5VIETTEL-VN592
6HINET-NET518
7CHINANET-JS488
8DIGITALOCEAN-162-243-0-0454
9ALISOFT408
10CHINANET-GD357

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7928
2United States3080
3Viet Nam2499
4Russian Federation1659
5India1579
6Brazil1404
7Indonesia950
8France856
9Taiwan655
10Thailand579

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445260491
2555104974
333382008
42371490
52251563
6143341952
7585833832
877733808
9747433741
10338932479

Suspected Bot List [2020-06-19]

detection period: 2020-06-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1526

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, June 19, 2020

Botnet Statistics [2020-06-18]

detection period: 2020-06-18 00:00-23:59 UTC
total number of suspected botnet IPs: 32746
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30987
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1274
2VNPT-VN1163
3Baidu941
4TENCENT-CN677
5VIETTEL-VN595
6HINET-NET485
7ALISOFT467
8DIGITALOCEAN-162-243-0-0461
9CHINANET-AH432
10VE-CSVE-LACNIC422

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8381
2United States3363
3Viet Nam2433
4Russian Federation1763
5India1597
6Brazil1466
7Indonesia1130
8France888
9Egypt807
10Taiwan639

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1622223986
21004199504
32024193737
42021193544
51777191729
61920179783
72022179473
81933178062
9445176550
101900174378

Suspected Bot List [2020-06-18]

detection period: 2020-06-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1759

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, June 18, 2020

Botnet Statistics [2020-06-17]

detection period: 2020-06-17 00:00-23:59 UTC
total number of suspected botnet IPs: 32347
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30611
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1292
2VNPT-VN1077
3Baidu931
4TENCENT-CN684
5VIETTEL-VN599
6HINET-NET508
7CHINANET-JS496
8ALISOFT479
9DIGITALOCEAN-162-243-0-0450
10CHINANET-AH412

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8431
2United States3393
3Viet Nam2366
4Russian Federation1653
5India1612
6Brazil1447
7Indonesia1045
8France923
9Taiwan683
10Egypt618

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11004311595
23131309095
3622298949
42021250153
51922245305
62022240388
71920239475
82020238215
91900231785
101933229419

Suspected Bot List [2020-06-17]

detection period: 2020-06-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1736

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, June 17, 2020

Botnet Statistics [2020-06-16]

detection period: 2020-06-16 00:00-23:59 UTC
total number of suspected botnet IPs: 33095
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31356
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1307
2VNPT-VN1020
3Baidu907
4TENCENT-CN688
5VIETTEL-VN632
6HINET-NET559
7ALISOFT532
8CHINANET-JS473
9DIGITALOCEAN-162-243-0-0463
10CHINANET-GD393

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8232
2United States3744
3Viet Nam2330
4Russian Federation1683
5India1564
6Brazil1521
7Indonesia1123
8France898
9Taiwan710
10Thailand640

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1622338584
21004330164
31933275523
42021274607
51777273408
62022269691
71922267541
81900262576
92020261506
101920251942

Suspected Bot List [2020-06-16]

detection period: 2020-06-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1739

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, June 16, 2020

Botnet Statistics [2020-06-15]

detection period: 2020-06-15 00:00-23:59 UTC
total number of suspected botnet IPs: 33610
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31919
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1305
2VNPT-VN1009
3Baidu941
4TENCENT-CN709
5VIETTEL-VN644
6HINET-NET572
7ALISOFT523
8DIGITALOCEAN-162-243-0-0473
9CHINANET-JS459
10VE-CSVE-LACNIC384

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8257
2United States3780
3Viet Nam2307
4Russian Federation1764
5India1602
6Brazil1549
7Indonesia1137
8France900
9Taiwan726
10Thailand678

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181479235
21004326888
3622324627
42021269814
52024262631
63131258805
71920258289
81922250777
93031248138
102022242801

Suspected Bot List [2020-06-15]

detection period: 2020-06-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1691

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, June 15, 2020

Botnet Statistics [2020-06-14]

detection period: 2020-06-14 00:00-23:59 UTC
total number of suspected botnet IPs: 29658
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28232
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1292
2Baidu969
3TENCENT-CN707
4VNPT-VN603
5HINET-NET592
6DIGITALOCEAN-162-243-0-0472
7CHINANET-JS457
8ALISOFT446
9VIETTEL-VN401
10CHINANET-GD356

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8071
2United States3381
3Russian Federation1553
4Viet Nam1531
5Brazil1326
6India1096
7France848
8Taiwan788
9Indonesia783
10South Korea536

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
181466370
244574583
32365353
42249614
5143334916
6338928105
7707026420
8590023138
9602222968
10229222124

Suspected Bot List [2020-06-14]

detection period: 2020-06-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1426

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, June 14, 2020

Botnet Statistics [2020-06-13]

detection period: 2020-06-13 00:00-23:59 UTC
total number of suspected botnet IPs: 28523
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27161
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1193
2Baidu917
3HINET-NET694
4VNPT-VN667
5TENCENT-CN640
6VIETTEL-VN480
7DIGITALOCEAN-162-243-0-0475
8CHINANET-JS462
9ALISOFT398
10VE-CSVE-LACNIC395

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7647
2United States2931
3Viet Nam1731
4Russian Federation1456
5India1354
6Brazil1276
7Taiwan900
8Indonesia818
9France778
10South Korea500

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1442767349
2445235182
3333269918
4111167261
52249025
62344683
7338941206
8555238528
9606038244
10444237641

Suspected Bot List [2020-06-13]

detection period: 2020-06-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1362

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, June 13, 2020

Botnet Statistics [2020-06-12]

detection period: 2020-06-12 00:00-23:59 UTC
total number of suspected botnet IPs: 30621
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29158
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1213
2VNPT-VN992
3Baidu933
4HINET-NET752
5TENCENT-CN655
6VIETTEL-VN582
7DIGITALOCEAN-162-243-0-0478
8CHINANET-JS461
9CHINANET-GD391
10ALISOFT357

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7690
2United States3292
3Viet Nam2271
4India1525
5Russian Federation1512
6Brazil1432
7Indonesia1030
8Taiwan962
9France795
10Thailand603

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1442472072
2445256738
3901116735
4902116302
5804115318
6808115177
7900115102
8903114308
9803111783
10800111640

Suspected Bot List [2020-06-12]

detection period: 2020-06-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1463

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, June 12, 2020

Botnet Statistics [2020-06-11]

detection period: 2020-06-11 00:00-23:59 UTC
total number of suspected botnet IPs: 31455
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29969
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1201
2VNPT-VN1048
3Baidu943
4HINET-NET679
5TENCENT-CN660
6VIETTEL-VN646
7DIGITALOCEAN-162-243-0-0474
8CHINANET-JS443
9CHINANET-GD418
10ALISOFT376

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8201
2United States3136
3Viet Nam2384
4Russian Federation1631
5India1574
6Brazil1314
7Indonesia1100
8Taiwan879
9France822
10Thailand644

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445125998
22251451
3143348252
42341419
5900940191
6602236529
7338936432
820328156
9228223485
10299222612

Suspected Bot List [2020-06-11]

detection period: 2020-06-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1486

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, June 11, 2020

Botnet Statistics [2020-06-10]

detection period: 2020-06-10 00:00-23:59 UTC
total number of suspected botnet IPs: 32985
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31403
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1217
2VNPT-VN1029
3Baidu968
4HINET-NET681
5TENCENT-CN673
6VIETTEL-VN615
7DIGITALOCEAN-162-243-0-0490
8CHINANET-JS488
9ALISOFT473
10CHINANET-GD421

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8973
2United States3386
3Viet Nam2298
4Russian Federation1755
5India1601
6Brazil1578
7Indonesia1073
8Taiwan839
9France807
10Thailand662

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144589587
22259756
32344700
4900842260
5143337485
6900437391
7602237037
8222235300
9902133328
10338930155

Suspected Bot List [2020-06-10]

detection period: 2020-06-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1582

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, June 10, 2020

Botnet Statistics [2020-06-09]

detection period: 2020-06-09 00:00-23:59 UTC
total number of suspected botnet IPs: 32560
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30967
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1242
2VNPT-VN1080
3Baidu924
4HINET-NET793
5TENCENT-CN681
6VIETTEL-VN642
7DIGITALOCEAN-162-243-0-0490
8VE-CSVE-LACNIC386
9CHINANET-GD374
10ALISOFT358

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8538
2United States3171
3Viet Nam2406
4Russian Federation1688
5India1577
6Brazil1486
7Indonesia1036
8Taiwan966
9France878
10Thailand666

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445126905
2701116522
3603116359
4702116352
5606115961
6604115910
7601114325
8605107749
9602105453
10143358986

Suspected Bot List [2020-06-09]

detection period: 2020-06-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1593

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, June 9, 2020

Botnet Statistics [2020-06-08]

detection period: 2020-06-08 00:00-23:59 UTC
total number of suspected botnet IPs: 31513
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29952
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1266
2VNPT-VN1015
3Baidu942
4HINET-NET848
5TENCENT-CN721
6VIETTEL-VN609
7DIGITALOCEAN-162-243-0-0500
8CHINANET-GD400
9ALISOFT370
10VE-CSVE-LACNIC336

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7845
2United States3116
3Viet Nam2310
4Russian Federation1722
5India1532
6Brazil1487
7Taiwan1073
8Indonesia1036
9France866
10Thailand652

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1110228705
2445135145
3600113541
4700111588
51234101215
62257041
7143356425
8338948434
9802139799
10902337820

Suspected Bot List [2020-06-08]

detection period: 2020-06-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1561

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, June 8, 2020

Botnet Statistics [2020-06-07]

detection period: 2020-06-07 00:00-23:59 UTC
total number of suspected botnet IPs: 30036
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28648
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1284
2Baidu962
3HINET-NET833
4TENCENT-CN730
5VNPT-VN649
6DIGITALOCEAN-162-243-0-0500
7CHINANET-JS445
8ALISOFT424
9VIETTEL-VN392
10CHINANET-GD392

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8627
2United States3201
3Viet Nam1548
4Russian Federation1538
5Brazil1299
6Taiwan1056
7India1005
8France901
9Indonesia745
10South Korea497

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445176070
2320088445
32262334
4143330457
5338930274
62329799
7212226447
8802324271
9602223032
105002019595