Custom Search

Monday, November 30, 2020

Botnet Statistics [2020-11-29]

detection period: 2020-11-29 00:00-23:59 UTC
total number of suspected botnet IPs: 33133
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30688
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1620
2TENCENT-CN765
3DIGITALOCEAN-192-241-128-0622
4Baidu568
5HINET-NET528
6VIETTEL-VN522
7ALISOFT516
8VNPT-VN460
9NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK409
10CMNET368
RankCountry/Region# of suspected botnet IPs
1China8317
2United States4024
3Russian Federation2072
4Brazil1724
5India1605
6Viet Nam1480
7Indonesia909
8France889
9Taiwan704
10South Korea594

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445386940
2143391422
322081456
42242790
52337321
652221079
742219042
882217566
9112217552
1092215806

Suspected Bot List [2020-11-29]

detection period: 2020-11-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2445

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, November 29, 2020

Botnet Statistics [2020-11-28]

detection period: 2020-11-28 00:00-23:59 UTC
total number of suspected botnet IPs: 32756
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30294
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1460
2TENCENT-CN684
3DIGITALOCEAN-192-241-128-0613
4VIETTEL-VN584
5HINET-NET533
6Baidu519
7ALISOFT475
8VNPT-VN469
9CMNET379
10VE-CSVE-LACNIC376
RankCountry/Region# of suspected botnet IPs
1China7648
2United States4250
3India2185
4Russian Federation1876
5Viet Nam1614
6Brazil1557
7Indonesia1032
8France890
9Taiwan693
10South Korea554

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445577260
222078158
382264533
442264057
572258285
652258212
762258168
892256181
9112255849
102240532

Suspected Bot List [2020-11-28]

detection period: 2020-11-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2462

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, November 28, 2020

Botnet Statistics [2020-11-27]

detection period: 2020-11-27 00:00-23:59 UTC
total number of suspected botnet IPs: 34329
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31879
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1462
2VIETTEL-VN794
3VNPT-VN740
4TENCENT-CN692
5DIGITALOCEAN-192-241-128-0619
6Baidu524
7HINET-NET495
8ALISOFT493
9VE-CSVE-LACNIC431
10TELKOMNET389
RankCountry/Region# of suspected botnet IPs
1China7795
2United States4251
3India2349
4Viet Nam2137
5Russian Federation2066
6Brazil1605
7Indonesia1249
8France832
9Thailand754
10Taiwan647

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445494005
2100281973
3100181413
422077989
52677143
6100067708
782263119
842244293
992242560
1062242023

Suspected Bot List [2020-11-27]

detection period: 2020-11-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2450

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, November 27, 2020

Botnet Statistics [2020-11-26]

detection period: 2020-11-26 00:00-23:59 UTC
total number of suspected botnet IPs: 35255
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32650
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1479
2VIETTEL-VN789
3TENCENT-CN724
4VNPT-VN668
5DIGITALOCEAN-192-241-128-0606
6Baidu530
7HINET-NET491
8ALISOFT471
9TELKOMNET467
10VE-CSVE-LACNIC399
RankCountry/Region# of suspected botnet IPs
1China7886
2United States4250
3India2224
4Viet Nam2116
5Russian Federation2056
6Brazil1839
7Indonesia1337
8France871
9Thailand828
10Taiwan637

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445458597
229166079
327118929
42895544
5100084171
622077543
782262039
842249035
992248796
102246924

Suspected Bot List [2020-11-26]

detection period: 2020-11-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2605

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, November 26, 2020

Botnet Statistics [2020-11-25]

detection period: 2020-11-25 00:00-23:59 UTC
total number of suspected botnet IPs: 35484
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32805
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1543
2VIETTEL-VN772
3TENCENT-CN742
4VNPT-VN708
5DIGITALOCEAN-192-241-128-0607
6Baidu553
7HINET-NET522
8TELKOMNET496
9ALISOFT483
10VE-CSVE-LACNIC433
RankCountry/Region# of suspected botnet IPs
1China8218
2United States3942
3India2363
4Viet Nam2167
5Russian Federation2095
6Brazil1656
7Indonesia1354
8France839
9Thailand760
10Taiwan681

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445505249
222077870
3143348799
4102242527
52241684
62337521
742226886
882226080
9124567
1092221760

Suspected Bot List [2020-11-25]

detection period: 2020-11-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2679

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, November 25, 2020

Botnet Statistics [2020-11-24]

detection period: 2020-11-24 00:00-23:59 UTC
total number of suspected botnet IPs: 35148
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32612
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1545
2VIETTEL-VN754
3TENCENT-CN736
4VNPT-VN719
5DIGITALOCEAN-192-241-128-0600
6Baidu560
7HINET-NET507
8VE-CSVE-LACNIC448
9ALISOFT445
10TELKOMNET432
RankCountry/Region# of suspected botnet IPs
1China8235
2United States3918
3India2352
4Russian Federation2179
5Viet Nam2108
6Brazil1623
7Indonesia1311
8France809
9Thailand724
10Taiwan669

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445489505
222076047
32352684
42245471
5143341716
6102238035
7600420715
8123719819
933317975
102017036

Suspected Bot List [2020-11-24]

detection period: 2020-11-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2536

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, November 24, 2020

Botnet Statistics [2020-11-23]

detection period: 2020-11-23 00:00-23:59 UTC
total number of suspected botnet IPs: 35853
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33270
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1569
2VIETTEL-VN767
3TENCENT-CN753
4VNPT-VN694
5DIGITALOCEAN-192-241-128-0620
6Baidu550
7HINET-NET539
8TELKOMNET487
9ALISOFT431
10NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK430
RankCountry/Region# of suspected botnet IPs
1China8262
2United States4018
3India2410
4Russian Federation2208
5Viet Nam2113
6Brazil1670
7Indonesia1450
8France853
9Thailand801
10Taiwan701

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445443323
21433109728
322080102
499955057
5172250189
62245954
72337365
8102232526
9600422001
101716316

Suspected Bot List [2020-11-23]

detection period: 2020-11-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2583

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, November 23, 2020

Botnet Statistics [2020-11-22]

detection period: 2020-11-22 00:00-23:59 UTC
total number of suspected botnet IPs: 32373
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30031
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1665
2TENCENT-CN778
3Baidu632
4DIGITALOCEAN-192-241-128-0603
5VIETTEL-VN489
6ALISOFT473
7HINET-NET447
8NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK434
9CMNET403
10VNPT-VN380
RankCountry/Region# of suspected botnet IPs
1China8523
2United States4021
3Russian Federation1993
4India1551
5Brazil1348
6Viet Nam1347
7Indonesia926
8France901
9Taiwan575
10Mexico504

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445221407
222080262
3143360551
422146833
52246639
6102240976
722228385
82327100
9338923508
10600422919

Suspected Bot List [2020-11-22]

detection period: 2020-11-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2342

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, November 22, 2020

Botnet Statistics [2020-11-21]

detection period: 2020-11-21 00:00-23:59 UTC
total number of suspected botnet IPs: 32395
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30217
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1506
2TENCENT-CN721
3DIGITALOCEAN-192-241-128-0613
4VIETTEL-VN608
5Baidu580
6VNPT-VN531
7HINET-NET505
8ALISOFT436
9VE-CSVE-LACNIC393
10UNICOM-HA387
RankCountry/Region# of suspected botnet IPs
1China7813
2United States3773
3India2171
4Russian Federation2044
5Viet Nam1702
6Brazil1406
7Indonesia1099
8France821
9Taiwan653
10Thailand542

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445421440
21433116001
322085850
4102267840
51553367
61449141
71748533
81348320
91648015
102245112

Suspected Bot List [2020-11-21]

detection period: 2020-11-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2178

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, November 21, 2020

Botnet Statistics [2020-11-20]

detection period: 2020-11-20 00:00-23:59 UTC
total number of suspected botnet IPs: 34435
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32057
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1493
2VIETTEL-VN735
3TENCENT-CN711
4VNPT-VN646
5DIGITALOCEAN-192-241-128-0606
6Baidu600
7HINET-NET465
8TELKOMNET445
9ALISOFT441
10VE-CSVE-LACNIC436
RankCountry/Region# of suspected botnet IPs
1China7990
2United States3902
3India2360
4Russian Federation2189
5Viet Nam1983
6Brazil1639
7Indonesia1335
8France809
9Taiwan626
10Turkey580

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445370755
21151997
32243020
4143335886
5102235122
61230109
72326883
8600011912
9338910708
10112210654

Suspected Bot List [2020-11-20]

detection period: 2020-11-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2378

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, November 20, 2020

Botnet Statistics [2020-11-19]

detection period: 2020-11-19 00:00-23:59 UTC
total number of suspected botnet IPs: 35371
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32929
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1513
2VIETTEL-VN780
3TENCENT-CN738
4VNPT-VN717
5Baidu621
6DIGITALOCEAN-192-241-128-0613
7HINET-NET545
8TELKOMNET486
9ALISOFT445
10VE-CSVE-LACNIC444
RankCountry/Region# of suspected botnet IPs
1China8036
2United States3987
3India2371
4Russian Federation2292
5Viet Nam2132
6Brazil1661
7Indonesia1377
8France810
9Taiwan706
10Mexico597

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445390368
2102256148
32247088
4143335367
52330316
6112229971
7132217373
8590012516
9122210996
10162210861

Suspected Bot List [2020-11-19]

detection period: 2020-11-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2442

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, November 19, 2020

Botnet Statistics [2020-11-18]

detection period: 2020-11-18 00:00-23:59 UTC
total number of suspected botnet IPs: 36297
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33728
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1539
2VIETTEL-VN858
3VNPT-VN766
4TENCENT-CN736
5Baidu637
6DIGITALOCEAN-192-241-128-0602
7HINET-NET540
8TELKOMNET492
9VE-CSVE-LACNIC432
10ALISOFT431
RankCountry/Region# of suspected botnet IPs
1China8192
2United States3806
3India2377
4Viet Nam2320
5Russian Federation2298
6Brazil1696
7Indonesia1479
8Thailand878
9France793
10Taiwan689

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445533895
2102259518
32251193
4143340753
52337053
6102025012
7132222564
8122217771
9617644
10716752

Suspected Bot List [2020-11-18]

detection period: 2020-11-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2569

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, November 18, 2020

Botnet Statistics [2020-11-17]

detection period: 2020-11-17 00:00-23:59 UTC
total number of suspected botnet IPs: 35183
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32797
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1542
2VIETTEL-VN792
3TENCENT-CN761
4Baidu637
5VNPT-VN606
6DIGITALOCEAN-192-241-128-0593
7HINET-NET552
8VE-CSVE-LACNIC485
9TELKOMNET450
10ALISOFT436
RankCountry/Region# of suspected botnet IPs
1China8153
2United States3838
3India2181
4Russian Federation2163
5Viet Nam2049
6Brazil1649
7Indonesia1347
8Thailand819
9France804
10Taiwan723

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445582724
2122259263
32249122
4143345991
52336440
6102232267
7122028
877713915
9338911580
10220010053

Suspected Bot List [2020-11-17]

detection period: 2020-11-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2386

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, November 17, 2020

Botnet Statistics [2020-11-16]

detection period: 2020-11-16 00:00-23:59 UTC
total number of suspected botnet IPs: 35977
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33461
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1624
2VIETTEL-VN827
3TENCENT-CN777
4Baidu656
5VNPT-VN638
6DIGITALOCEAN-192-241-128-0621
7HINET-NET522
8ALISOFT455
9TELKOMNET441
10VE-CSVE-LACNIC430
RankCountry/Region# of suspected botnet IPs
1China8554
2United States3958
3Russian Federation2268
4Viet Nam2190
5India1899
6Brazil1782
7Indonesia1346
8Thailand821
9France812
10Taiwan662

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445287378
21234166906
3123586812
42255689
52150820
6143348297
778347704
831647699
921147695
1026447667

Suspected Bot List [2020-11-16]

detection period: 2020-11-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2516

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, November 16, 2020

Botnet Statistics [2020-11-15]

detection period: 2020-11-15 00:00-23:59 UTC
total number of suspected botnet IPs: 33001
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30867
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1668
2TENCENT-CN826
3Baidu686
4DIGITALOCEAN-192-241-128-0615
5HINET-NET607
6VIETTEL-VN551
7ALISOFT484
8NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK437
9UNICOM-HA418
10CMNET379
RankCountry/Region# of suspected botnet IPs
1China8856
2United States4075
3Russian Federation1992
4Brazil1474
5Viet Nam1468
6India1306
7Indonesia899
8France839
9Taiwan760
10South Korea570

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11234202405
2445188757
31230102449
42284557
5143378778
6600263558
72347885
8102238787
9130130
102525634

Suspected Bot List [2020-11-15]

detection period: 2020-11-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2134

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, November 15, 2020

Botnet Statistics [2020-11-14]

detection period: 2020-11-14 00:00-23:59 UTC
total number of suspected botnet IPs: 32204
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30045
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1497
2TENCENT-CN731
3Baidu629
4HINET-NET615
5DIGITALOCEAN-192-241-128-0614
6VIETTEL-VN600
7KORNET482
8ALISOFT462
9UNICOM-HA439
10VE-CSVE-LACNIC402
RankCountry/Region# of suspected botnet IPs
1China8124
2United States3780
3Russian Federation1926
4Viet Nam1561
5India1409
6Brazil1408
7Indonesia1050
8France800
9Taiwan792
10South Korea737

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11234291375
21230192944
3445186597
42267046
5143352643
6102247511
72336934
866633627
9338933432
10123226808

Suspected Bot List [2020-11-14]

detection period: 2020-11-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2159

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, November 14, 2020

Botnet Statistics [2020-11-13]

detection period: 2020-11-13 00:00-23:59 UTC
total number of suspected botnet IPs: 35054
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32720
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1503
2VIETTEL-VN772
3TENCENT-CN738
4HINET-NET731
5Baidu643
6DIGITALOCEAN-192-241-128-0634
7KORNET516
8ALISOFT467
9VNPT-VN449
10TELKOMNET388
RankCountry/Region# of suspected botnet IPs
1China8406
2United States3940
3Russian Federation2084
4India1998
5Viet Nam1918
6Brazil1694
7Indonesia1208
8Taiwan924
9France795
10South Korea784

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445372826
21234185394
31433136751
4102267491
52263315
692241766
72339268
822225950
932225929
102125836

Suspected Bot List [2020-11-13]

detection period: 2020-11-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2334

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, November 13, 2020

Botnet Statistics [2020-11-12]

detection period: 2020-11-12 00:00-23:59 UTC
total number of suspected botnet IPs: 36021
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 33595
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1549
2VIETTEL-VN783
3TENCENT-CN758
4HINET-NET684
5Baidu660
6DIGITALOCEAN-192-241-128-0634
7KORNET483
8VNPT-VN475
9ALISOFT453
10VE-CSVE-LACNIC409
RankCountry/Region# of suspected botnet IPs
1China8582
2United States4110
3India2242
4Russian Federation2107
5Viet Nam1898
6Brazil1735
7Indonesia1225
8Taiwan876
9France820
10Thailand817

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445384928
21234184875
3102263463
42261199
5143360256
6600045727
72337821
822236736
932235702
1012234245

Suspected Bot List [2020-11-12]

detection period: 2020-11-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2426

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, November 12, 2020

Botnet Statistics [2020-11-11]

detection period: 2020-11-11 00:00-23:59 UTC
total number of suspected botnet IPs: 36728
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34283
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1537
2VIETTEL-VN768
3TENCENT-CN764
4HINET-NET727
5Baidu679
6DIGITALOCEAN-192-241-128-0628
7VNPT-VN473
8ALISOFT469
9KORNET466
10TELKOMNET432
RankCountry/Region# of suspected botnet IPs
1China8612
2United States4191
3India2331
4Russian Federation2126
5Viet Nam1871
6Brazil1758
7Indonesia1318
8Taiwan920
9France826
10Thailand807

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12244970288
2445456735
31234184083
4143393516
52246119
6102245421
72335873
8338924405
922223006
1099922768

Suspected Bot List [2020-11-11]

detection period: 2020-11-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2445

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Wednesday, November 11, 2020

Botnet Statistics [2020-11-10]

detection period: 2020-11-10 00:00-23:59 UTC
total number of suspected botnet IPs: 36848
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34348
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1566
2VIETTEL-VN836
3TENCENT-CN771
4HINET-NET697
5Baidu691
6DIGITALOCEAN-192-241-128-0621
7VNPT-VN538
8VE-CSVE-LACNIC452
9ALISOFT431
10TELKOMNET426
RankCountry/Region# of suspected botnet IPs
1China8705
2United States4136
3India2432
4Russian Federation2116
5Viet Nam2003
6Brazil1789
7Indonesia1349
8Taiwan890
9France834
10Thailand821

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445329703
2123470182
3143366240
480058295
52250802
6190046561
72333531
8102233472
95030893
10338918603

Suspected Bot List [2020-11-10]

detection period: 2020-11-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2500

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Tuesday, November 10, 2020

Botnet Statistics [2020-11-09]

detection period: 2020-11-09 00:00-23:59 UTC
total number of suspected botnet IPs: 37657
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 34989
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:


The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1647
2VIETTEL-VN835
3TENCENT-CN802
4Baidu719
5HINET-NET666
6DIGITALOCEAN-192-241-128-0624
7VNPT-VN548
8ALISOFT445
9VE-CSVE-LACNIC436
10TELKOMNET431
RankCountry/Region# of suspected botnet IPs
1China9061
2United States4074
3India2409
4Russian Federation2296
5Viet Nam2042
6Brazil1735
7Indonesia1322
8France853
9Taiwan840
10Thailand824

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445588802
22245625
3143336912
42333791
5102232818
64926499
7220026446
8114416257
9123415225
10302215221

Suspected Bot List [2020-11-09]

detection period: 2020-11-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2668

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, November 9, 2020

Botnet Statistics [2020-11-08]

detection period: 2020-11-08 00:00-23:59 UTC
total number of suspected botnet IPs: 33690
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31532
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1642
2TENCENT-CN820
3Baidu740
4HINET-NET612
5DIGITALOCEAN-192-241-128-0606
6VIETTEL-VN550
7ALISOFT515
8UNICOM-HA436
9CMNET375
10NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK372

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China9033
2United States4132
3Russian Federation1919
4India1553
5Brazil1514
6Viet Nam1426
7Indonesia918
8France896
9Taiwan788
10Mauritius617

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
122551140480
2445217664
32247560
4220044300
52337256
630032272
7102231697
8143327554
93619645
10302210879

Suspected Bot List [2020-11-08]

detection period: 2020-11-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 2158

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Sunday, November 8, 2020

Botnet Statistics [2020-11-07]

detection period: 2020-11-07 00:00-23:59 UTC
total number of suspected botnet IPs: 33391
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31196
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TencentCloud1444
2HINET-NET752
3TENCENT-CN691
4Baidu667
5VIETTEL-VN642
6DIGITALOCEAN-192-241-128-0628
7ALISOFT462
8VE-CSVE-LACNIC441
9UNICOM-HA420
10CMNET379

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China8227
2United States3920
3India2120
4Russian Federation1864
5Viet Nam1626
6Brazil1495
7Indonesia1048
8Taiwan947
9France824
10Mauritius565

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445370917
2143375735
32344210
42244093
5160040362
658735440
7111030409
8111228699
930025072
104722987