Custom Search

Saturday, October 31, 2020

Botnet Statistics [2020-10-30]

detection period: 2020-10-30 00:00-23:59 UTC
total number of suspected botnet IPs: 35223
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33002
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1380
2VNPT-VN937
3VIETTEL-VN761
4Baidu664
5TENCENT-CN627
6DIGITALOCEAN-192-241-128-0617
7HINET-NET513
8VE-CSVE-LACNIC477
9ALISOFT474
10UNICOM-HA434

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8163
2United States4320
3Viet Nam2508
4Russian Federation2328
5India2246
6Brazil1596
7Indonesia1055
8France902
9Thailand824
10Taiwan656

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445265646
2600186182
31111185655
41200167537
5700163431
6100158835
71800153977
81000150445
9800148471
101100143601

Suspected Bot List [2020-10-30]

detection period: 2020-10-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2221

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, October 30, 2020

Botnet Statistics [2020-10-29]

detection period: 2020-10-29 00:00-23:59 UTC
total number of suspected botnet IPs: 35454
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33104
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1393
2VIETTEL-VN801
3VNPT-VN785
4Baidu675
5TENCENT-CN639
6DIGITALOCEAN-192-241-128-0624
7HINET-NET517
8UNICOM-HA456
9ALISOFT456
10VE-CSVE-LACNIC407

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8194
2United States4254
3Viet Nam2434
4India2396
5Russian Federation2267
6Brazil1701
7Indonesia928
8Thailand838
9France816
10Taiwan679

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
19111502311
21111437014
3445375506
4143376213
52249568
62342630
7338930014
870029160
958719752
10111017045

Suspected Bot List [2020-10-29]

detection period: 2020-10-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2350

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, October 29, 2020

Botnet Statistics [2020-10-28]

detection period: 2020-10-28 00:00-23:59 UTC
total number of suspected botnet IPs: 36234
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33870
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1444
2VIETTEL-VN746
3VNPT-VN742
4Baidu682
5TENCENT-CN661
6DIGITALOCEAN-192-241-128-0625
7HINET-NET561
8ALISOFT465
9UNICOM-HA453
10VE-CSVE-LACNIC441

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8426
2United States3789
3India2540
4Russian Federation2302
5Viet Nam2289
6Brazil1731
7Indonesia1107
8France910
9Thailand869
10Taiwan722

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445565629
21111491465
32253896
42346768
5143340712
658729785
7338924213
890023348
9120023285
1020021974

Suspected Bot List [2020-10-28]

detection period: 2020-10-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2364

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, October 28, 2020

Botnet Statistics [2020-10-27]

detection period: 2020-10-27 00:00-23:59 UTC
total number of suspected botnet IPs: 37431
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34990
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1482
2VNPT-VN978
3VIETTEL-VN801
4Baidu694
5TENCENT-CN685
6HINET-NET567
7DIGITALOCEAN-192-241-128-0506
8ALISOFT500
9UNICOM-HA465
10TELKOMNET449

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8780
2United States3659
3India2582
4Viet Nam2536
5Russian Federation2449
6Brazil1824
7Indonesia1354
8France968
9Thailand915
10Taiwan738

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445470758
21433123832
390090293
460086396
5100083917
620083405
780081642
8110081104
910080579
1040079769

Suspected Bot List [2020-10-27]

detection period: 2020-10-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2441

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, October 27, 2020

Botnet Statistics [2020-10-26]

detection period: 2020-10-26 00:00-23:59 UTC
total number of suspected botnet IPs: 37354
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34812
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1498
2VNPT-VN929
3VIETTEL-VN871
4TENCENT-CN706
5Baidu676
6HINET-NET658
7ALISOFT512
8TELKOMNET469
9UNICOM-HA456
10VE-CSVE-LACNIC433

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8825
2United States3655
3Viet Nam2601
4Russian Federation2371
5India2334
6Brazil1803
7Indonesia1317
8France916
9Thailand897
10Taiwan812

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445423011
2500246870
31100246488
4200245100
5300244653
6900238833
71400238739
8400237735
9800232591
101300230440

Suspected Bot List [2020-10-26]

detection period: 2020-10-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2542

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, October 26, 2020

Botnet Statistics [2020-10-25]

detection period: 2020-10-25 00:00-23:59 UTC
total number of suspected botnet IPs: 33887
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31664
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1589
2Baidu781
3TENCENT-CN740
4HINET-NET561
5VNPT-VN556
6VIETTEL-VN510
7ALISOFT506
8UNICOM-HA461
9CMNET458
10DIGITALOCEAN-192-241-128-0400

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9152
2United States3979
3Russian Federation2117
4Viet Nam1693
5India1593
6Brazil1499
7France898
8Indonesia882
9Taiwan709
10Mauritius583

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445223389
2600179095
3200171514
41500149637
51300145067
6500145066
71100144389
8300139827
91000139157
10100135340

Suspected Bot List [2020-10-25]

detection period: 2020-10-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2223

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, October 25, 2020

Botnet Statistics [2020-10-24]

detection period: 2020-10-24 00:00-23:59 UTC
total number of suspected botnet IPs: 32126
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30074
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1426
2Baidu735
3TENCENT-CN681
4VNPT-VN646
5VIETTEL-VN571
6HINET-NET488
7ALISOFT477
8UNICOM-HA436
9CMNET433
10DIGITALOCEAN-192-241-128-0389

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8513
2United States3517
3India1918
4Russian Federation1865
5Viet Nam1851
6Brazil1427
7Indonesia946
8France819
9Taiwan613
10Thailand544

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1200457723
21000456511
3500451612
41100447941
5800445502
6300442636
7900441709
8600432472
91400430937
101200429672

Suspected Bot List [2020-10-24]

detection period: 2020-10-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2052

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, October 24, 2020

Botnet Statistics [2020-10-23]

detection period: 2020-10-23 00:00-23:59 UTC
total number of suspected botnet IPs: 34338
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32224
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1443
2VNPT-VN874
3Baidu732
4VIETTEL-VN714
5TENCENT-CN685
6HINET-NET495
7ALISOFT489
8UNICOM-HA476
9TELKOMNET449
10UNICOM-SD412

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8877
2United States3545
3Viet Nam2343
4India2233
5Russian Federation2175
6Brazil1623
7Indonesia1200
8France859
9Taiwan642
10Turkey551

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445474145
21200248066
3200237740
4500234609
5800225751
6100223614
7700223304
8400222937
91100218279
101400216803

Suspected Bot List [2020-10-23]

detection period: 2020-10-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2114

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, October 23, 2020

Botnet Statistics [2020-10-22]

detection period: 2020-10-22 00:00-23:59 UTC
total number of suspected botnet IPs: 35626
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33352
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1471
2VNPT-VN862
3VIETTEL-VN750
4Baidu735
5TENCENT-CN676
6HINET-NET487
7UNICOM-SD482
8ALISOFT472
9UNICOM-HA465
10TELKOMNET431

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8913
2United States3868
3India2334
4Viet Nam2290
5Russian Federation1967
6Brazil1612
7Indonesia1187
8France862
9Thailand778
10Taiwan640

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445460473
21221207401
3143366686
42254620
52350608
6338923452
758719728
812218819
9600116912
1032212709

Suspected Bot List [2020-10-22]

detection period: 2020-10-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2274

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, October 22, 2020

Botnet Statistics [2020-10-21]

detection period: 2020-10-21 00:00-23:59 UTC
total number of suspected botnet IPs: 37393
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 35060
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1448
2VNPT-VN981
3VIETTEL-VN846
4Baidu741
5TENCENT-CN671
6TELKOMNET526
7HINET-NET526
8UNICOM-SD499
9ALISOFT471
10UNICOM-HA446

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8886
2United States4110
3Viet Nam2611
4India2456
5Russian Federation2263
6Brazil1676
7Indonesia1354
8Thailand898
9France851
10Taiwan688

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445421983
21221213216
3143374024
42253741
52348712
633347290
7600128097
82620290
958719359
10338917461

Suspected Bot List [2020-10-21]

detection period: 2020-10-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2333

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, October 21, 2020

Botnet Statistics [2020-10-20]

detection period: 2020-10-20 00:00-23:59 UTC
total number of suspected botnet IPs: 37976
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 35506
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1432
2VNPT-VN901
3DIGITALOCEAN-165-232-32-0781
4VIETTEL-VN774
5Baidu723
6TENCENT-CN669
7HINET-NET518
8UNICOM-SD514
9TELKOMNET491
10ALISOFT470

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8861
2United States4496
3Viet Nam2478
4India2455
5Russian Federation2050
6Brazil1806
7Indonesia1385
8Thailand946
9France849
10Taiwan677

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445724762
21221213358
31433148463
42256723
52349715
633346141
7123427264
8338922537
958720973
1012218545

Suspected Bot List [2020-10-20]

detection period: 2020-10-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2470

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, October 20, 2020

Botnet Statistics [2020-10-19]

detection period: 2020-10-19 00:00-23:59 UTC
total number of suspected botnet IPs: 37644
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 35221
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1449
2VNPT-VN978
3VIETTEL-VN786
4Baidu715
5TENCENT-CN671
6DIGITALOCEAN-165-232-32-0583
7UNICOM-SD520
8HINET-NET504
9UNICOM-HA493
10TELKOMNET468

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9069
2United States4164
3Viet Nam2548
4India2499
5Russian Federation2037
6Brazil1805
7Indonesia1326
8Thailand965
9France840
10Taiwan663

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445481635
21221213952
3143389791
42260164
52350860
632246959
742245603
833345379
9332232596
10590423900

Suspected Bot List [2020-10-19]

detection period: 2020-10-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2423

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, October 19, 2020

Botnet Statistics [2020-10-18]

detection period: 2020-10-18 00:00-23:59 UTC
total number of suspected botnet IPs: 32833
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30666
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1441
2Baidu730
3TENCENT-CN671
4VNPT-VN529
5VIETTEL-VN526
6UNICOM-HA498
7UNICOM-SD485
8HINET-NET478
9ALISOFT472
10CHINANET-GD398

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8863
2United States3477
3Russian Federation1898
4Viet Nam1701
5India1680
6Brazil1551
7Indonesia896
8France884
9Taiwan627
10Mauritius553

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11221213610
2445200569
31433108569
42261529
52349180
633345386
782237803
8332228847
942227679
10338917385

Suspected Bot List [2020-10-18]

detection period: 2020-10-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2167

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, October 18, 2020

Botnet Statistics [2020-10-17]

detection period: 2020-10-17 00:00-23:59 UTC
total number of suspected botnet IPs: 32568
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30405
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1210
2VNPT-VN682
3Baidu626
4TENCENT-CN561
5VIETTEL-VN556
6HINET-NET491
7UNICOM-HA472
8UNICOM-SD463
9ALISOFT445
10DIGITALOCEAN-192-241-128-0413

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7915
2United States3627
3India2233
4Viet Nam1961
5Russian Federation1868
6Brazil1583
7Indonesia990
8France757
9Taiwan680
10Thailand619

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445523053
2122189632
32362744
42255364
533343721
6143334765
722229297
8338921974
9112416757
10332212677

Suspected Bot List [2020-10-17]

detection period: 2020-10-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2163

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, October 17, 2020

Botnet Statistics [2020-10-16]

detection period: 2020-10-16 00:00-23:59 UTC
total number of suspected botnet IPs: 35040
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32789
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1206
2VNPT-VN936
3VIETTEL-VN725
4Baidu623
5TENCENT-CN580
6HINET-NET529
7UNICOM-SD526
8UNICOM-HA485
9ALISOFT468
10DIGITALOCEAN-192-241-128-0416

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8164
2United States3377
3India2515
4Viet Nam2419
5Russian Federation1994
6Brazil1787
7Indonesia1161
8Thailand869
9France793
10Taiwan725

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445671332
212242950
3123197281
42373587
5143358436
62256714
733345006
8338923403
9102216281
106668873

Suspected Bot List [2020-10-16]

detection period: 2020-10-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2251

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, October 16, 2020

Botnet Statistics [2020-10-15]

detection period: 2020-10-15 00:00-23:59 UTC
total number of suspected botnet IPs: 34504
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32213
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1262
2VNPT-VN926
3VIETTEL-VN735
4Baidu635
5TENCENT-CN585
6HINET-NET510
7UNICOM-HA485
8UNICOM-SD467
9VE-CSVE-LACNIC444
10TELKOMNET444

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China7784
2United States3469
3Viet Nam2450
4India2367
5Russian Federation1976
6Brazil1640
7Indonesia1296
8Thailand862
9France807
10Taiwan690

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
112507337
2445296272
3123200891
42252558
5143348613
62345118
733343759
8338923382
9102219925
1012347587

Suspected Bot List [2020-10-15]

detection period: 2020-10-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2291

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, October 15, 2020

Botnet Statistics [2020-10-14]

detection period: 2020-10-14 00:00-23:59 UTC
total number of suspected botnet IPs: 34461
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32092
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1262
2VNPT-VN933
3VIETTEL-VN743
4Baidu630
5TENCENT-CN596
6HINET-NET523
7UNICOM-HA486
8UNICOM-SD477
9DIGITALOCEAN-192-241-128-0409
10TELKOMNET399

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8099
2United States3269
3Viet Nam2473
4India2340
5Russian Federation1967
6Brazil1604
7Indonesia1271
8France812
9Thailand804
10Taiwan681

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
112519330
2445478385
3143219965
4123207097
52256368
633352402
7338938923
8143337561
92335972
104412232

Suspected Bot List [2020-10-14]

detection period: 2020-10-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2369

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, October 14, 2020

Botnet Statistics [2020-10-13]

detection period: 2020-10-13 00:00-23:59 UTC
total number of suspected botnet IPs: 34691
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32307
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1293
2VNPT-VN925
3VIETTEL-VN778
4Baidu638
5TENCENT-CN606
6UNICOM-SD494
7HINET-NET491
8UNICOM-HA489
9TELKOMNET440
10ALISOFT427

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8249
2United States3387
3Viet Nam2508
4India2444
5Russian Federation1959
6Brazil1607
7Indonesia1218
8France829
9Taiwan639
10Mexico588

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445458355
2143281624
3123205820
412150360
5143382456
62259344
733350604
8338939022
92337393
10132213287

Suspected Bot List [2020-10-13]

detection period: 2020-10-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2384

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, October 13, 2020

Botnet Statistics [2020-10-12]

detection period: 2020-10-12 00:00-23:59 UTC
total number of suspected botnet IPs: 35617
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33253
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1349
2VNPT-VN911
3VIETTEL-VN736
4Baidu652
5TENCENT-CN636
6HINET-NET532
7UNICOM-SD511
8UNICOM-HA497
9ALISOFT451
10TELKOMNET437

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8595
2United States3627
3India2514
4Viet Nam2424
5Russian Federation1988
6Brazil1305
7Indonesia1266
8France900
9Thailand828
10Taiwan699

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445458228
2143283208
3123198224
42257816
533353407
62348548
7143345225
8338933296
94327798
1022215159

Suspected Bot List [2020-10-12]

detection period: 2020-10-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2364

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, October 12, 2020

Botnet Statistics [2020-10-11]

detection period: 2020-10-11 00:00-23:59 UTC
total number of suspected botnet IPs: 31841
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29717
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1443
2Baidu708
3TENCENT-CN664
4VNPT-VN550
5UNICOM-HA515
6UNICOM-SD508
7ALISOFT463
8VIETTEL-VN460
9HINET-NET457
10DIGITALOCEAN-192-241-128-0412

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8775
2United States3376
3India1720
4Russian Federation1683
5Viet Nam1529
6Brazil1353
7Indonesia856
8France846
9Taiwan609
10Mauritius554

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1143285157
2445203397
3123190305
41234160969
51433134333
62257596
733350249
82349870
9123030059
10102023397

Suspected Bot List [2020-10-11]

detection period: 2020-10-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2124

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, October 11, 2020

Botnet Statistics [2020-10-10]

detection period: 2020-10-10 00:00-23:59 UTC
total number of suspected botnet IPs: 32054
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29974
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1318
2VIETTEL-VN784
3Baidu657
4VNPT-VN645
5TENCENT-CN618
6HINET-NET532
7UNICOM-SD505
8UNICOM-HA493
9ALISOFT481
10DIGITALOCEAN-192-241-128-0417

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8315
2United States3150
3India2301
4Viet Nam2091
5Russian Federation1694
6Brazil1384
7Indonesia930
8France815
9Taiwan691
10Thailand535

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445352760
2143285905
3123191520
41234159275
5143374700
62256383
72350924
82047803
933344878
1066625956

Suspected Bot List [2020-10-10]

detection period: 2020-10-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2080

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, October 10, 2020

Botnet Statistics [2020-10-09]

detection period: 2020-10-09 00:00-23:59 UTC
total number of suspected botnet IPs: 35115
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32905
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1345
2VIETTEL-VN995
3VNPT-VN870
4Baidu680
5TENCENT-CN636
6HINET-NET612
7UNICOM-SD527
8UNICOM-HA523
9ALISOFT454
10VE-CSVE-LACNIC422

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8563
2United States3219
3Viet Nam2628
4India2628
5Russian Federation1967
6Brazil1631
7Indonesia1168
8France826
9Thailand800
10Taiwan786

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445517748
21234160485
3143148926
4123101211
5143384024
62262864
72346243
833345148
94128121
1066625931

Suspected Bot List [2020-10-09]

detection period: 2020-10-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2210

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, October 9, 2020

Botnet Statistics [2020-10-08]

detection period: 2020-10-08 00:00-23:59 UTC
total number of suspected botnet IPs: 49126
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 46922
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1VIETTEL-VN14373
2TencentCloud1342
3VNPT-VN1007
4HINET-NET690
5Baidu689
6TENCENT-CN643
7UNICOM-HA494
8UNICOM-SD476
9ALISOFT451
10TELKOMNET446

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1Viet Nam16119
2China8416
3United States3240
4India2727
5Russian Federation1949
6Brazil1700
7Indonesia1263
8Taiwan884
9France860
10Thailand804

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445774203
21234160349
32373273
4143365752
52257925
633344944
72533566
8338926450
94015668
10202015654