Custom Search

Monday, August 31, 2020

Botnet Statistics [2020-08-30]

detection period: 2020-08-30 00:00-23:59 UTC
total number of suspected botnet IPs: 26718
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25267
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1294
2Baidu688
3DIGITALOCEAN-192-241-128-0653
4TENCENT-CN605
5VNPT-VN557
6ALISOFT521
7HINET-NET386
8CHINANET-JS385
9CHINANET-GD336
10VIETTEL-VN335

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7448
2United States3240
3Russian Federation1355
4Viet Nam1285
5Brazil1110
6India1059
7France893
8Indonesia657
9Egypt503
10Taiwan498

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445507045
232256679
3143352330
452249833
572247580
6122246700
7112246485
82246172
922246101
1092245641

Suspected Bot List [2020-08-30]

detection period: 2020-08-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1451

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, August 30, 2020

Botnet Statistics [2020-08-29]

detection period: 2020-08-29 00:00-23:59 UTC
total number of suspected botnet IPs: 26105
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24709
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1202
2VNPT-VN743
3DIGITALOCEAN-192-241-128-0668
4Baidu650
5TENCENT-CN548
6ALISOFT447
7CHINANET-JS412
8VIETTEL-VN401
9HINET-NET342
10VE-CSVE-LACNIC284

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6692
2United States3141
3Viet Nam1546
4India1334
5Russian Federation1278
6Brazil1121
7France858
8Indonesia708
9Netherlands478
10Taiwan464

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445635129
28044286907
3322785925
4322885142
5112263849
6100056655
762256210
882254821
942254079
10182253205

Suspected Bot List [2020-08-29]

detection period: 2020-08-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1396

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, August 29, 2020

Botnet Statistics [2020-08-28]

detection period: 2020-08-28 00:00-23:59 UTC
total number of suspected botnet IPs: 28297
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26722
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1227
2VNPT-VN995
3DIGITALOCEAN-192-241-128-0669
4Baidu666
5TENCENT-CN567
6ALISOFT480
7VIETTEL-VN472
8CHINANET-JS438
9HINET-NET338
10CHINANET-GD337

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7207
2United States3200
3Viet Nam2006
4India1600
5Russian Federation1406
6Brazil1265
7Indonesia908
8France864
9Thailand582
10Taiwan452

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445550364
25038192592
35908106883
4322588297
562271850
612266697
722261335
8202260599
982257576
1052256078

Suspected Bot List [2020-08-28]

detection period: 2020-08-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1575

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, August 28, 2020

Botnet Statistics [2020-08-27]

detection period: 2020-08-27 00:00-23:59 UTC
total number of suspected botnet IPs: 28653
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27155
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1258
2VNPT-VN970
3Baidu676
4DIGITALOCEAN-192-241-128-0646
5TENCENT-CN590
6VIETTEL-VN559
7ALISOFT477
8CHINANET-JS437
9CHINANET-GD348
10HINET-NET326

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7337
2United States3154
3Viet Nam2055
4India1784
5Russian Federation1474
6Brazil1196
7Indonesia918
8France842
9Thailand613
10Taiwan454

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445623435
21224113442
31228110952
41229108309
51226104498
61227101828
71225100350
8322193571
952264560
10143363703

Suspected Bot List [2020-08-27]

detection period: 2020-08-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1498

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, August 27, 2020

Botnet Statistics [2020-08-26]

detection period: 2020-08-26 00:00-23:59 UTC
total number of suspected botnet IPs: 29035
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27463
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1289
2VNPT-VN1077
3Baidu682
4DIGITALOCEAN-192-241-128-0677
5TENCENT-CN597
6ALISOFT503
7VIETTEL-VN491
8CHINANET-JS415
9HINET-NET380
10CHINANET-GD332

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7369
2United States3275
3Viet Nam2116
4India1781
5Russian Federation1376
6Brazil1357
7Indonesia908
8France862
9Thailand594
10Taiwan515

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445307910
2231789356
3232089259
4231988369
5231885362
6102272187
732271925
8112268650
942267106
1082266655

Suspected Bot List [2020-08-26]

detection period: 2020-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1572

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, August 26, 2020

Botnet Statistics [2020-08-25]

detection period: 2020-08-25 00:00-23:59 UTC
total number of suspected botnet IPs: 28907
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27371
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1303
2VNPT-VN956
3Baidu690
4DIGITALOCEAN-192-241-128-0665
5TENCENT-CN613
6ALISOFT486
7VIETTEL-VN453
8CHINANET-JS381
9HINET-NET374
10VE-CSVE-LACNIC335

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7102
2United States3240
3Viet Nam1932
4India1635
5Russian Federation1496
6Brazil1309
7Indonesia946
8France895
9Thailand633
10Taiwan501

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445179346
2235193827
3235388973
4231388381
5235287646
6231586672
7234986634
8235085618
9234784383
10231482123

Suspected Bot List [2020-08-25]

detection period: 2020-08-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1536

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, August 25, 2020

Botnet Statistics [2020-08-24]

detection period: 2020-08-24 00:00-23:59 UTC
total number of suspected botnet IPs: 29501
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27864
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1373
2VNPT-VN1060
3Baidu737
4DIGITALOCEAN-192-241-128-0664
5TENCENT-CN631
6ALISOFT467
7VIETTEL-VN460
8CHINANET-JS433
9HINET-NET345
10VE-CSVE-LACNIC325

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7656
2United States3362
3Viet Nam2028
4India1567
5Russian Federation1455
6Brazil1259
7Indonesia991
8France914
9Thailand603
10South Korea469

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445275368
2122194471
3234578185
4230851373
52247927
6143341426
7322332015
82325643
9234621536
10590021174

Suspected Bot List [2020-08-24]

detection period: 2020-08-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1637

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, August 24, 2020

Botnet Statistics [2020-08-23]

detection period: 2020-08-23 00:00-23:59 UTC
total number of suspected botnet IPs: 24341
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23071
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1253
2DIGITALOCEAN-192-241-128-0827
3Baidu667
4VNPT-VN596
5TENCENT-CN563
6ALISOFT417
7VIETTEL-VN317
8CHINANET-JS299
9HINET-NET295
10VE-CSVE-LACNIC283

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6355
2United States3331
3Viet Nam1339
4Russian Federation1225
5Brazil994
6India933
7France832
8Indonesia601
9South Korea462
10Taiwan402

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12093341850
2445190224
3236794363
4236993848
5239392650
6236291924
7236591845
8236391829
9236491417
10236191246

Suspected Bot List [2020-08-23]

detection period: 2020-08-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1270

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, August 23, 2020

Botnet Statistics [2020-08-22]

detection period: 2020-08-22 00:00-23:59 UTC
total number of suspected botnet IPs: 25840
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24411
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1214
2VNPT-VN823
3Baidu667
4TENCENT-CN564
5DIGITALOCEAN-192-241-128-0525
6ALISOFT443
7VIETTEL-VN387
8HINET-NET360
9CHINANET-JS329
10KORNET326

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6563
2United States3187
3Viet Nam1650
4Russian Federation1242
5India1195
6Brazil1052
7France853
8Indonesia729
9South Korea510
10Taiwan488

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12093631343
27938258168
3445209164
43030100745
5235896458
6238793649
7235492575
8235790893
9238490641
10238589920

Suspected Bot List [2020-08-22]

detection period: 2020-08-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1429

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, August 22, 2020

Botnet Statistics [2020-08-21]

detection period: 2020-08-21 00:00-23:59 UTC
total number of suspected botnet IPs: 27673
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26179
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1215
2VNPT-VN1133
3Baidu677
4TENCENT-CN581
5DIGITALOCEAN-192-241-128-0511
6VIETTEL-VN497
7ALISOFT449
8HINET-NET355
9CHINANET-JS315
10CMNET305

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6786
2United States3335
3Viet Nam2149
4India1528
5Russian Federation1385
6Brazil1214
7France854
8Indonesia787
9Thailand563
10South Korea488

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11303269107
2300248830
3101240101
4303232604
5445227999
61331223845
71301210144
81313208367
9202206813
10200201840

Suspected Bot List [2020-08-21]

detection period: 2020-08-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1494

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, August 21, 2020

Botnet Statistics [2020-08-20]

detection period: 2020-08-20 00:00-23:59 UTC
total number of suspected botnet IPs: 27729
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26205
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1191
2VNPT-VN1039
3Baidu695
4TENCENT-CN580
5VIETTEL-VN539
6ALISOFT444
7HINET-NET361
8CHINANET-JS347
9VE-CSVE-LACNIC331
10CHINANET-GD300

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7049
2United States3030
3Viet Nam2103
4India1642
5Russian Federation1467
6Brazil1239
7France846
8Indonesia668
9Thailand557
10Taiwan485

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11300278022
2445277691
31331277060
4300262623
51010261894
6101253775
7191244713
81301237208
9131236917
10200235315

Suspected Bot List [2020-08-20]

detection period: 2020-08-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1524

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, August 20, 2020

Botnet Statistics [2020-08-19]

detection period: 2020-08-19 00:00-23:59 UTC
total number of suspected botnet IPs: 28362
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26784
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1225
2VNPT-VN1033
3Baidu690
4TENCENT-CN585
5VIETTEL-VN514
6ALISOFT484
7CHINANET-JS362
8HINET-NET348
9VE-CSVE-LACNIC340
10TELKOMNET322

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7235
2United States2894
3Viet Nam2119
4India1538
5Russian Federation1454
6Brazil1280
7Indonesia995
8France862
9Thailand630
10South Korea463

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11010383157
2101347158
3191321144
4445319526
51313317992
6300307090
71301288867
8303288391
91909288074
10200287120

Suspected Bot List [2020-08-19]

detection period: 2020-08-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1578

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, August 19, 2020

Botnet Statistics [2020-08-18]

detection period: 2020-08-18 00:00-23:59 UTC
total number of suspected botnet IPs: 28497
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26920
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1254
2VNPT-VN1014
3Baidu693
4TENCENT-CN591
5ALISOFT487
6VIETTEL-VN471
7HINET-NET374
8VE-CSVE-LACNIC353
9TELKOMNET351
10CMNET308

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7012
2United States2840
3Viet Nam2062
4India1790
5Russian Federation1505
6Brazil1270
7Indonesia1031
8France853
9Thailand622
10Taiwan495

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445442971
2191205655
3303194049
41301174605
51010174265
6300169627
71331166019
8200164461
9131154362
102002153846

Suspected Bot List [2020-08-18]

detection period: 2020-08-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1577

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, August 18, 2020

Botnet Statistics [2020-08-17]

detection period: 2020-08-17 00:00-23:59 UTC
total number of suspected botnet IPs: 28588
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26984
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1230
2VNPT-VN1032
3Baidu696
4TENCENT-CN597
5VIETTEL-VN527
6ALISOFT471
7HINET-NET390
8CHINANET-JS387
9VE-CSVE-LACNIC377
10CHINANET-GD319

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7321
2United States2794
3Viet Nam2130
4India1771
5Russian Federation1479
6Brazil1241
7France865
8Indonesia743
9Thailand636
10Taiwan516

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445287371
2100096921
3143369035
425863451
54444461260
6338955286
72344778
82240988
9500033777
1022527417

Suspected Bot List [2020-08-17]

detection period: 2020-08-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1604

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, August 17, 2020

Botnet Statistics [2020-08-16]

detection period: 2020-08-16 00:00-23:59 UTC
total number of suspected botnet IPs: 26110
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24682
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1337
2Baidu770
3TENCENT-CN635
4VNPT-VN539
5ALISOFT452
6CHINANET-JS406
7VIETTEL-VN345
8HINET-NET340
9VE-CSVE-LACNIC326
10CHINANET-GD319

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7682
2United States2794
3Russian Federation1340
4Viet Nam1236
5India1084
6Brazil1029
7France878
8Indonesia676
9South Korea451
10Taiwan447

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445200299
24444460655
3338950983
42250839
5143349852
62342036
744425834
8900223815
922422764
10590019524

Suspected Bot List [2020-08-16]

detection period: 2020-08-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1428

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, August 16, 2020

Botnet Statistics [2020-08-15]

detection period: 2020-08-15 00:00-23:59 UTC
total number of suspected botnet IPs: 23352
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 22053
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud738
2Baidu672
3VNPT-VN665
4HINET-NET393
5ALISOFT390
6VIETTEL-VN380
7CHINANET-JS361
8VE-CSVE-LACNIC331
9TENCENT-CN326
10CMNET274

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6008
2United States2245
3Viet Nam1475
4Russian Federation1294
5India1097
6Brazil1001
7France749
8Indonesia740
9Taiwan508
10South Korea427

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445280628
2900259842
32249932
42346806
5143338138
6338934201
7382331340
877326304
961426257
1022326252

Suspected Bot List [2020-08-15]

detection period: 2020-08-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1299

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, August 15, 2020

Botnet Statistics [2020-08-14]

detection period: 2020-08-14 00:00-23:59 UTC
total number of suspected botnet IPs: 25375
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24086
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VNPT-VN980
2TencentCloud736
3Baidu673
4VIETTEL-VN544
5HINET-NET402
6CHINANET-JS385
7ALISOFT383
8VE-CSVE-LACNIC342
9TENCENT-CN330
10TELKOMNET310

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China5947
2United States2364
3Viet Nam2064
4India1664
5Russian Federation1419
6Brazil1164
7Indonesia927
8France750
9Thailand603
10Taiwan508

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445275142
22378429
3140457349
42249155
5140047430
6143347114
7204945308
8205043009
9204442358
1014138290

Suspected Bot List [2020-08-14]

detection period: 2020-08-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1289

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, August 14, 2020

Botnet Statistics [2020-08-13]

detection period: 2020-08-13 00:00-23:59 UTC
total number of suspected botnet IPs: 26700
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25180
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1137
2VNPT-VN861
3Baidu688
4TENCENT-CN573
5VIETTEL-VN524
6HINET-NET435
7ALISOFT383
8CHINANET-JS358
9VE-CSVE-LACNIC357
10TELKOMNET304

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6777
2United States2254
3Viet Nam1992
4India1658
5Russian Federation1417
6Brazil1163
7Indonesia926
8France749
9Thailand587
10Taiwan551

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445325341
26006148070
34657361242
42357284
52247971
6204842496
7143340590
8205037108
9141437053
10204533750

Suspected Bot List [2020-08-13]

detection period: 2020-08-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1520

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, August 13, 2020

Botnet Statistics [2020-08-12]

detection period: 2020-08-12 00:00-23:59 UTC
total number of suspected botnet IPs: 26620
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25128
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1218
2VNPT-VN847
3Baidu699
4TENCENT-CN615
5VIETTEL-VN532
6HINET-NET389
7ALISOFT386
8VE-CSVE-LACNIC365
9CHINANET-JS364
10TELKOMNET311

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7059
2United States2306
3Viet Nam1938
4India1496
5Russian Federation1423
6Brazil1190
7Indonesia927
8France777
9Taiwan527
10South Korea461

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445307101
21441116047
36009115186
41440110907
5204107014
61401104447
7140494943
8204393314
914192667
10205791167

Suspected Bot List [2020-08-12]

detection period: 2020-08-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1492

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, August 12, 2020

Botnet Statistics [2020-08-11]

detection period: 2020-08-11 00:00-23:59 UTC
total number of suspected botnet IPs: 26840
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25398
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1200
2VNPT-VN830
3Baidu700
4TENCENT-CN616
5VIETTEL-VN515
6HINET-NET421
7ALISOFT394
8CHINANET-JS373
9VE-CSVE-LACNIC366
10CHINANET-GD317

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7007
2United States2390
3Viet Nam1971
4India1414
5Russian Federation1370
6Brazil1216
7Indonesia901
8France776
9Thailand557
10Taiwan554

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445364542
21000273538
31414227043
4204223798
51400216058
61404215056
7141213894
82043210811
92044202717
101440181771

Suspected Bot List [2020-08-11]

detection period: 2020-08-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1442

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, August 11, 2020

Botnet Statistics [2020-08-10]

detection period: 2020-08-10 00:00-23:59 UTC
total number of suspected botnet IPs: 26803
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25363
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1214
2VNPT-VN941
3Baidu703
4TENCENT-CN616
5VIETTEL-VN508
6ALISOFT440
7HINET-NET424
8VE-CSVE-LACNIC360
9CHINANET-JS355
10TELKOMNET295

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6821
2United States2526
3Viet Nam2058
4India1434
5Russian Federation1282
6Brazil1172
7Indonesia966
8France807
9Thailand579
10Taiwan540

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445365960
2600599295
3143354691
4204152941
52246826
6381846410
7101144080
867443527
9425342976
10522642287

Suspected Bot List [2020-08-10]

detection period: 2020-08-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1440

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, August 10, 2020

Botnet Statistics [2020-08-09]

detection period: 2020-08-09 00:00-23:59 UTC
total number of suspected botnet IPs: 25254
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23886
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1252
2Baidu714
3TENCENT-CN620
4VNPT-VN564
5ALISOFT413
6HINET-NET408
7CHINANET-JS366
8VIETTEL-VN340
9CHINANET-GD302
10VE-CSVE-LACNIC301

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7276
2United States2621
3Viet Nam1432
4Russian Federation1222
5Brazil978
6India959
7France800
8Indonesia705
9Taiwan537
10South Korea499

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
16004187454
2445135133
31404120167
41400117079
5140196904
6205796044
7144092273
8144190255
920487684
10205284996

Suspected Bot List [2020-08-09]

detection period: 2020-08-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1368

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, August 9, 2020

Botnet Statistics [2020-08-08]

detection period: 2020-08-08 00:00-23:59 UTC
total number of suspected botnet IPs: 25643
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24259
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1261
2Baidu721
3VNPT-VN665
4TENCENT-CN622
5ALISOFT454
6VIETTEL-VN411
7HINET-NET410
8MSFT391
9VE-CSVE-LACNIC348
10CHINANET-JS330

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China6750
2United States2917
3Viet Nam1619
4India1321
5Russian Federation1207
6Brazil1075
7France824
8Indonesia739
9Taiwan534
10South Korea492

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1141815534
21414764129
3204753436
41441748978
51440745758
61400710896
71401680789
81404660444
92042641474
102047633683