Custom Search

Friday, July 31, 2020

Botnet Statistics [2020-07-30]

detection period: 2020-07-30 00:00-23:59 UTC
total number of suspected botnet IPs: 29083
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27629
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1241
2VNPT-VN984
3Baidu743
4HINET-NET738
5TENCENT-CN637
6VIETTEL-VN521
7CHINANET-JS485
8TELKOMNET333
9CHINANET-GD326
10ALISOFT324

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7672
2United States2819
3Viet Nam2164
4India1580
5Russian Federation1425
6Brazil1321
7Indonesia1014
8Taiwan922
9France851
10Thailand588

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445453983
2212056035
3100152816
42249514
582247919
666646424
72342070
8143337000
9222234940
10100229806

Suspected Bot List [2020-07-30]

detection period: 2020-07-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1454

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, July 30, 2020

Botnet Statistics [2020-07-29]

detection period: 2020-07-29 00:00-23:59 UTC
total number of suspected botnet IPs: 29160
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27573
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1284
2VNPT-VN939
3Baidu736
4HINET-NET697
5TENCENT-CN642
6VIETTEL-VN539
7CHINANET-JS388
8VE-CSVE-LACNIC346
9ALISOFT340
10TELKOMNET330

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7289
2United States2867
3Viet Nam2163
4India1558
5Russian Federation1452
6Brazil1314
7Indonesia1012
8Taiwan870
9France862
10Thailand587

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445628168
21000192577
3333087343
4212063657
5600959513
6333953102
72252904
892243507
93342264
1066636905

Suspected Bot List [2020-07-29]

detection period: 2020-07-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1587

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, July 29, 2020

Botnet Statistics [2020-07-28]

detection period: 2020-07-28 00:00-23:59 UTC
total number of suspected botnet IPs: 30358
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28627
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1303
2VNPT-VN1031
3HINET-NET780
4Baidu757
5TENCENT-CN668
6VIETTEL-VN553
7VE-CSVE-LACNIC433
8CHINANET-JS404
9ALISOFT399
10TELKOMNET337

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7632
2United States3120
3Viet Nam2243
4India1515
5Russian Federation1429
6Brazil1338
7Indonesia1060
8Taiwan974
9France878
10South Korea500

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445449883
2227107777
3333490337
444486853
5333783551
6333683134
722882166
8333579352
9333879284
1019162300

Suspected Bot List [2020-07-28]

detection period: 2020-07-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1731

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, July 28, 2020

Botnet Statistics [2020-07-27]

detection period: 2020-07-27 00:00-23:59 UTC
total number of suspected botnet IPs: 31436
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29692
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1345
2VNPT-VN1046
3Baidu797
4HINET-NET720
5TENCENT-CN683
6VIETTEL-VN549
7VE-CSVE-LACNIC461
8ALISOFT436
9CHINANET-JS427
10CMNET365

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8042
2United States3198
3Viet Nam2260
4Russian Federation1550
5India1522
6Brazil1441
7Indonesia1034
8France914
9Taiwan910
10Venezuela557

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445364938
2901120844
3201119944
4161117041
5181114640
6301112909
7141110241
8501110236
9555108812
10601108156

Suspected Bot List [2020-07-27]

detection period: 2020-07-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1744

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, July 27, 2020

Botnet Statistics [2020-07-26]

detection period: 2020-07-26 00:00-23:59 UTC
total number of suspected botnet IPs: 26898
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25548
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1193
2Baidu697
3HINET-NET694
4TENCENT-CN609
5VNPT-VN587
6CHINANET-JS406
7ALISOFT379
8VIETTEL-VN370
9VE-CSVE-LACNIC367
10CMNET314

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8165
2United States2890
3Viet Nam1437
4Russian Federation1248
5Brazil1061
6India939
7Taiwan887
8France825
9Indonesia627
10South Korea457

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445140895
2801111246
311195220
410185295
577784611
62973843
788852646
82252635
9600543916
102342120

Suspected Bot List [2020-07-26]

detection period: 2020-07-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1350

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, July 26, 2020

Botnet Statistics [2020-07-25]

detection period: 2020-07-25 00:00-23:59 UTC
total number of suspected botnet IPs: 29774
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28338
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1182
2VNPT-VN814
3HINET-NET748
4Baidu698
5TENCENT-CN615
6VIETTEL-VN460
7CHINANET-JS457
8VE-CSVE-LACNIC391
9ALISOFT360
10CMNET316

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9553
2United States3026
3Viet Nam1821
4Russian Federation1234
5India1232
6Brazil1145
7Taiwan952
8Indonesia867
9France815
10Venezuela469

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445299650
2701111285
32883308
42252105
5331145302
62336862
7338933958
81029675
9143329608
1010128614

Suspected Bot List [2020-07-25]

detection period: 2020-07-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1436

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, July 25, 2020

Botnet Statistics [2020-07-24]

detection period: 2020-07-24 00:00-23:59 UTC
total number of suspected botnet IPs: 31562
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29990
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1199
2VNPT-VN1011
3HINET-NET746
4Baidu704
5TENCENT-CN621
6MSFT596
7VIETTEL-VN563
8CHINANET-JS442
9VE-CSVE-LACNIC347
10CHINANET-GD338

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9338
2United States3586
3Viet Nam2169
4Russian Federation1412
5India1394
6Brazil1329
7Indonesia989
8Taiwan956
9France834
10Thailand557

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445278186
220288781
310160310
42253037
5143341063
62737621
72334031
8338933399
9890024416
10860023604

Suspected Bot List [2020-07-24]

detection period: 2020-07-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1572

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, July 24, 2020

Botnet Statistics [2020-07-23]

detection period: 2020-07-23 00:00-23:59 UTC
total number of suspected botnet IPs: 28687
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27191
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1220
2VNPT-VN956
3HINET-NET768
4Baidu707
5TENCENT-CN627
6VIETTEL-VN485
7CHINANET-JS420
8VE-CSVE-LACNIC365
9CHINANET-GD315
10TELKOMNET292

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7770
2United States3005
3Viet Nam1972
4India1337
5Brazil1291
6Russian Federation1285
7Taiwan971
8Indonesia858
9France837
10Thailand490

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445216251
2404119398
31080118667
4808118420
5303118278
61090115508
71017114458
81030113160
91016113053
101018112431

Suspected Bot List [2020-07-23]

detection period: 2020-07-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1496

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, July 23, 2020

Botnet Statistics [2020-07-22]

detection period: 2020-07-22 00:00-23:59 UTC
total number of suspected botnet IPs: 29804
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28356
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1225
2VNPT-VN957
3HINET-NET753
4Baidu726
5MSFT705
6TENCENT-CN643
7VIETTEL-VN497
8CHINANET-JS418
9VE-CSVE-LACNIC393
10CMNET341

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8279
2United States3628
3Viet Nam1986
4India1282
5Brazil1257
6Russian Federation1252
7Taiwan967
8Indonesia896
9France825
10Thailand476

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445449826
21060117078
31050116865
41014113310
51011110897
61013106261
7101560981
8143356647
92251663
102344051

Suspected Bot List [2020-07-22]

detection period: 2020-07-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1448

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, July 22, 2020

Botnet Statistics [2020-07-21]

detection period: 2020-07-21 00:00-23:59 UTC
total number of suspected botnet IPs: 29320
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27838
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1262
2VNPT-VN878
3MSFT733
4Baidu731
5HINET-NET716
6TENCENT-CN657
7VIETTEL-VN523
8CHINANET-JS399
9ALISOFT357
10VE-CSVE-LACNIC356

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7706
2United States3791
3Viet Nam1877
4India1284
5Russian Federation1248
6Brazil1234
7Taiwan912
8Indonesia909
9France892
10Thailand511

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445259926
2702378488
3143369831
42355196
52246231
62646163
72536792
8222432718
9338930033
10121237

Suspected Bot List [2020-07-21]

detection period: 2020-07-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1482

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, July 21, 2020

Botnet Statistics [2020-07-20]

detection period: 2020-07-20 00:00-23:59 UTC
total number of suspected botnet IPs: 29848
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28369
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1285
2VNPT-VN845
3Baidu748
4MSFT733
5HINET-NET706
6TENCENT-CN683
7VIETTEL-VN449
8DIGITALOCEAN-192-241-128-0386
9CHINANET-JS385
10ALISOFT377

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7913
2United States3943
3Viet Nam1738
4India1323
5Brazil1288
6Russian Federation1266
7Indonesia958
8France885
9Taiwan880
10Thailand510

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445219412
2122295862
32576555
4143357951
52247807
62138279
7338937124
8590136203
92335454
10229916578

Suspected Bot List [2020-07-20]

detection period: 2020-07-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1479

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, July 20, 2020

Botnet Statistics [2020-07-19]

detection period: 2020-07-19 00:00-23:59 UTC
total number of suspected botnet IPs: 27565
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26185
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1371
2HINET-NET889
3Baidu825
4TENCENT-CN711
5VNPT-VN476
6ALISOFT463
7DIGITALOCEAN-192-241-128-0447
8CHINANET-JS381
9CHINANET-GD331
10VIETTEL-VN308

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7842
2United States3505
3Russian Federation1205
4Brazil1166
5Viet Nam1153
6Taiwan1109
7France911
8India880
9Indonesia698
10South Korea509

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445344461
22060166254
3207089957
4302088379
5304085877
6305085348
7205083515
8208081959
92248722
10590145038

Suspected Bot List [2020-07-19]

detection period: 2020-07-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1380

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, July 19, 2020

Botnet Statistics [2020-07-18]

detection period: 2020-07-18 00:00-23:59 UTC
total number of suspected botnet IPs: 27019
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25705
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1172
2HINET-NET796
3Baidu714
4VNPT-VN713
5TENCENT-CN540
6DIGITALOCEAN-192-241-128-0514
7ALISOFT485
8VIETTEL-VN421
9CHINANET-JS334
10CHINANET-GD322

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7077
2United States3539
3Viet Nam1555
4India1216
5Russian Federation1181
6Brazil1157
7Taiwan995
8France836
9Indonesia747
10South Korea493

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445325803
22036187740
32039157402
42038150380
52035148954
62040138586
72037132507
87035124755
92029124716
107032124701

Suspected Bot List [2020-07-18]

detection period: 2020-07-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1314

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, July 18, 2020

Botnet Statistics [2020-07-17]

detection period: 2020-07-17 00:00-23:59 UTC
total number of suspected botnet IPs: 28692
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27242
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1173
2VNPT-VN974
3HINET-NET880
4Baidu728
5TENCENT-CN536
6VIETTEL-VN505
7DIGITALOCEAN-192-241-128-0504
8ALISOFT458
9CHINANET-JS363
10CHINANET-GD351

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7270
2United States3421
3Viet Nam1987
4Russian Federation1367
5India1353
6Brazil1342
7Taiwan1077
8Indonesia933
9France840
10Thailand555

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445233145
2143360817
32252225
4590148035
52339811
6338933471
7990219379
8950619242
922413097
10221211926

Suspected Bot List [2020-07-17]

detection period: 2020-07-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1450

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, July 17, 2020

Botnet Statistics [2020-07-16]

detection period: 2020-07-16 00:00-23:59 UTC
total number of suspected botnet IPs: 29464
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27977
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1173
2VNPT-VN954
3HINET-NET950
4Baidu743
5TENCENT-CN557
6VIETTEL-VN527
7DIGITALOCEAN-192-241-128-0514
8ALISOFT377
9MSFT375
10CHINANET-JS350

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7153
2United States3704
3Viet Nam1963
4India1444
5Russian Federation1344
6Brazil1311
7Taiwan1151
8Indonesia955
9France858
10Thailand566

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445280966
22355006
3590148221
4143348212
52246774
6338943832
72203136271
8471124660
9540023189
10530022963

Suspected Bot List [2020-07-16]

detection period: 2020-07-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1487

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, July 16, 2020

Botnet Statistics [2020-07-15]

detection period: 2020-07-15 00:00-23:59 UTC
total number of suspected botnet IPs: 29536
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27886
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1208
2HINET-NET909
3VNPT-VN896
4Baidu754
5TENCENT-CN578
6VIETTEL-VN564
7DIGITALOCEAN-192-241-128-0518
8ALISOFT387
9VE-CSVE-LACNIC327
10CMNET302

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7166
2United States3622
3Viet Nam1943
4India1422
5Russian Federation1417
6Brazil1298
7Taiwan1132
8Indonesia902
9France843
10Thailand564

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445344839
223100425
3391188696
4338965160
5143353524
62203148485
72238796
8300035263
9590127555
10480026349

Suspected Bot List [2020-07-15]

detection period: 2020-07-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1650

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, July 15, 2020

Botnet Statistics [2020-07-14]

detection period: 2020-07-14 00:00-23:59 UTC
total number of suspected botnet IPs: 29298
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27855
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1201
2HINET-NET998
3VNPT-VN953
4Baidu783
5TENCENT-CN582
6VIETTEL-VN526
7DIGITALOCEAN-192-241-128-0507
8ALISOFT425
9VE-CSVE-LACNIC405
10CHINANET-JS346

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7302
2United States3381
3Viet Nam1996
4Brazil1455
5Russian Federation1375
6India1315
7Taiwan1177
8France880
9Indonesia877
10Thailand607

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445331063
2208286871
3338970867
4143353930
52244163
6210242475
7990242031
8300035604
9208329845
102323559

Suspected Bot List [2020-07-14]

detection period: 2020-07-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1443

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, July 14, 2020

Botnet Statistics [2020-07-13]

detection period: 2020-07-13 00:00-23:59 UTC
total number of suspected botnet IPs: 29797
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28200
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1249
2VNPT-VN1072
3HINET-NET864
4Baidu784
5TENCENT-CN603
6VIETTEL-VN558
7DIGITALOCEAN-192-241-128-0513
8ALISOFT413
9CHINANET-JS358
10CMNET324

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7465
2United States3420
3Viet Nam2156
4Brazil1449
5India1379
6Russian Federation1361
7Taiwan1051
8France919
9Indonesia888
10Thailand617

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445279232
2120094075
32203083231
4210168586
5111462469
6338960180
7181159682
8191158673
9281151532
10143349532

Suspected Bot List [2020-07-13]

detection period: 2020-07-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1597

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, July 13, 2020

Botnet Statistics [2020-07-12]

detection period: 2020-07-12 00:00-23:59 UTC
total number of suspected botnet IPs: 28542
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27102
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1349
2HINET-NET955
3Baidu891
4TENCENT-CN701
5VNPT-VN523
6DIGITALOCEAN-192-241-128-0520
7ALISOFT455
8VIETTEL-VN397
9CHINANET-JS371
10CMNET327

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7913
2United States3678
3Viet Nam1312
4Brazil1291
5Russian Federation1182
6Taiwan1167
7India922
8France888
9Indonesia666
10South Korea523

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445127181
21111116082
31112109645
41500108430
51113105750
6210995059
7351191307
8210590512
9250390271
10210490261

Suspected Bot List [2020-07-12]

detection period: 2020-07-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1440

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, July 12, 2020

Botnet Statistics [2020-07-11]

detection period: 2020-07-11 00:00-23:59 UTC
total number of suspected botnet IPs: 27452
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26203
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1219
2HINET-NET941
3Baidu841
4VNPT-VN659
5TENCENT-CN628
6DIGITALOCEAN-192-241-128-0518
7VIETTEL-VN441
8ALISOFT385
9CHINANET-JS362
10CHINANET-GD330

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7401
2United States3530
3Viet Nam1531
4Brazil1240
5Russian Federation1162
6Taiwan1153
7India1067
8France815
9Indonesia704
10Thailand482

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445211756
21108115643
31109114226
41106113423
51300111825
61107109586
71400101505
8240091630
9270090021
10280089983

Suspected Bot List [2020-07-11]

detection period: 2020-07-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1249

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, July 11, 2020

Botnet Statistics [2020-07-10]

detection period: 2020-07-10 00:00-23:59 UTC
total number of suspected botnet IPs: 30356
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28936
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1271
2VNPT-VN953
3HINET-NET917
4Baidu843
5TENCENT-CN657
6CHINANET-AH562
7DIGITALOCEAN-192-241-128-0514
8VIETTEL-VN492
9ALISOFT446
10CHINANET-JS379

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8299
2United States3676
3Viet Nam1927
4Brazil1505
5Russian Federation1365
6India1330
7Taiwan1119
8Indonesia859
9France841
10Thailand584

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445176609
2143349144
32247910
42330518
5338927383
6205624449
7206219618
8206019602
9205818457
10205218450

Suspected Bot List [2020-07-10]

detection period: 2020-07-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1420

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, July 10, 2020

Botnet Statistics [2020-07-09]

detection period: 2020-07-09 00:00-23:59 UTC
total number of suspected botnet IPs: 30725
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29361
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1351
2VNPT-VN989
3HINET-NET968
4Baidu857
5DIGITALOCEAN-192-241-128-0705
6TENCENT-CN694
7VIETTEL-VN529
8ALISOFT463
9CHINANET-JS404
10VE-CSVE-LACNIC345

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8178
2United States3822
3Viet Nam2046
4Brazil1527
5Russian Federation1367
6India1341
7Taiwan1189
8Indonesia930
9France858
10Thailand620

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445181735
2143382780
32247466
4338932689
52328151
6600027961
755526816
812217724
9989816857
10204714407

Suspected Bot List [2020-07-09]

detection period: 2020-07-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1364

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, July 9, 2020

Botnet Statistics [2020-07-08]

detection period: 2020-07-08 00:00-23:59 UTC
total number of suspected botnet IPs: 30669
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29127
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1352
2VNPT-VN1004
3HINET-NET955
4Baidu865
5TENCENT-CN703
6VIETTEL-VN535
7DIGITALOCEAN-192-241-128-0534
8ALISOFT445
9CHINANET-JS383
10CHINANET-GD354

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8040
2United States3608
3Viet Nam2064
4Brazil1490
5India1353
6Russian Federation1348
7Taiwan1178
8Indonesia933
9France859
10Thailand667

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445314081
2143349957
355548426
42247265
5100135510
612232702
72328736
8338927562
9142227047
10204622901