Custom Search

Saturday, August 31, 2019

Botnet Statistics [2019-08-30]

detection period: 2019-08-30 00:00-23:59 UTC
total number of suspected botnet IPs: 14830
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14036
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13461
2Baidu456
3TENCENT-CN306
4KORNET305
5DIGITALOCEAN-15299
6TencentCloud274
7HINET-NET257
8VNPT-VN197
9OVH187
10CHINANET-GD148

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3055
2United States2472
3France765
4Russian Federation552
5India549
6Brazil520
7Viet Nam519
8South Korea501
9Indonesia369
10Singapore324

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144524035
22322075
32219376
4338913546
5339011393
6339110879
76945406
821265052
96645014
1018115008

Suspected Bot List [2019-08-30]

detection period: 2019-08-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 794

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
MA160.177.205.105Morocco

List from TCP port scans:

Friday, August 30, 2019

Botnet Statistics [2019-08-29]

detection period: 2019-08-29 00:00-23:59 UTC
total number of suspected botnet IPs: 15091
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14474
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu462
2DO-13461
3KORNET323
4TENCENT-CN322
5HINET-NET297
6TencentCloud279
7VNPT-VN243
8OVH179
9MSFT163
1002.558.157/0001-62163

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3061
2United States2512
3France794
4Brazil586
5Viet Nam580
6Russian Federation576
7India544
8South Korea521
9Indonesia407
10Taiwan345

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144530378
22320424
32217834
4338911877
5339011351
633918942
750387386
814155272
94255251
1080805108

Suspected Bot List [2019-08-29]

detection period: 2019-08-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 617

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
GH197.251.253.241Ghana

List from TCP port scans:

Thursday, August 29, 2019

Botnet Statistics [2019-08-28]

detection period: 2019-08-28 00:00-23:59 UTC
total number of suspected botnet IPs: 14646
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13909
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu464
2DO-13458
3TENCENT-CN335
4KORNET313
5TencentCloud302
6HINET-NET279
7VNPT-VN199
8OVH180
9CHINANET-GD171
10MSFT164

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3207
2United States2382
3France802
4India542
5South Korea503
6Russian Federation495
7Brazil494
8Viet Nam483
9Indonesia401
10Taiwan312

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
144525331
22218519
32317648
4339011542
5338911473
650389181
733919019
814335861
922005407
1080805376

Suspected Bot List [2019-08-28]

detection period: 2019-08-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 737

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
ES2.139.215.255Spain
KR210.102.196.180South Korea
KR211.232.253.63South Korea

List from TCP port scans:

Wednesday, August 28, 2019

Botnet Statistics [2019-08-27]

detection period: 2019-08-27 00:00-23:59 UTC
total number of suspected botnet IPs: 15406
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14786
number of spam blocked: 0
recipient count of spam blocked: 0

Today I add a new chart for the top 10 most scanned TCP ports.

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu474
2DO-13444
3TENCENT-CN336
4HINET-NET325
5TencentCloud313
6KORNET304
7VNPT-VN247
8OVH173
9CHINANET-GD173
10MSFT165

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3241
2United States2415
3France795
4India623
5Brazil600
6Russian Federation597
7Viet Nam584
8South Korea493
9Indonesia442
10Taiwan373

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12546741
211046317
344523659
42321843
5338915241
6339014770
7503813861
82213016
9339112456
1014338225

Suspected Bot List [2019-08-27]

detection period: 2019-08-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 620

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
ES88.16.239.65Spain

List from TCP port scans:

Tuesday, August 27, 2019

Botnet Statistics [2019-08-26]

detection period: 2019-08-26 00:00-23:59 UTC
total number of suspected botnet IPs: 15886
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15219
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1Baidu471
2DO-13454
3TENCENT-CN369
4TencentCloud340
5HINET-NET317
6KORNET310
7VNPT-VN247
8OVH181
9MSFT180
10CHINANET-GD167

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3383
2United States2544
3France823
4Brazil625
5India612
6Russian Federation592
7Viet Nam559
8South Korea515
9Indonesia462
10Taiwan374

Suspected Bot List [2019-08-26]

detection period: 2019-08-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 667

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
IN27.116.17.13India

List from TCP port scans:

Monday, August 26, 2019

Botnet Statistics [2019-08-25]

detection period: 2019-08-25 00:00-23:59 UTC
total number of suspected botnet IPs: 15727
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15123
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN589
2TencentCloud520
3DO-13463
4Baidu462
5KORNET316
6HINET-NET309
7MSFT190
8OVH188
902.558.157/0001-62162
10VNPT-VN151

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3657
2United States2695
3France844
4Brazil618
5Russian Federation595
6South Korea527
7India468
8Viet Nam415
9Taiwan360
10Indonesia348

Suspected Bot List [2019-08-25]

detection period: 2019-08-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 604

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
DZ197.204.42.37Algeria
PL91.90.190.130Poland
US18.27.197.252United States

List from TCP port scans:

Sunday, August 25, 2019

Botnet Statistics [2019-08-24]

detection period: 2019-08-24 00:00-23:59 UTC
total number of suspected botnet IPs: 16251
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15614
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN619
2TencentCloud528
3Baidu471
4DO-13460
5HINET-NET380
6KORNET322
7OVH186
8MSFT183
9VNPT-VN180
10AT-88-Z175

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3771
2United States2704
3France839
4Brazil617
5Russian Federation613
6India521
7South Korea518
8Viet Nam453
9Taiwan436
10Indonesia396

Suspected Bot List [2019-08-24]

detection period: 2019-08-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 637

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
ES80.36.63.56Spain
GB144.178.130.169United Kingdom

List from TCP port scans:

Saturday, August 24, 2019

Botnet Statistics [2019-08-23]

detection period: 2019-08-23 00:00-23:59 UTC
total number of suspected botnet IPs: 16261
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15405
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN635
2TencentCloud536
3Baidu471
4DO-13453
5KORNET342
6HINET-NET296
7VNPT-VN199
8MSFT194
9OVH189
10AT-88-Z181

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3877
2United States2749
3France807
4India612
5Russian Federation587
6South Korea553
7Brazil514
8Viet Nam451
9Indonesia408
10Taiwan344

Suspected Bot List [2019-08-23]

detection period: 2019-08-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 856

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
NL185.244.25.120Netherlands
TZ41.86.166.189Tanzania

List from TCP port scans:

Friday, August 23, 2019

Botnet Statistics [2019-08-22]

detection period: 2019-08-22 00:00-23:59 UTC
total number of suspected botnet IPs: 16298
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15502
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN635
2TencentCloud552
3Baidu483
4DO-13455
5KORNET323
6CHINANET-JS311
7HINET-NET283
8VNPT-VN202
9OVH199
10MSFT196

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4033
2United States2638
3France829
4India568
5Russian Federation558
6Brazil552
7South Korea501
8Viet Nam451
9Indonesia423
10Taiwan330

Suspected Bot List [2019-08-22]

detection period: 2019-08-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 796

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
KR210.223.246.113South Korea

List from TCP port scans:

Thursday, August 22, 2019

Botnet Statistics [2019-08-21]

detection period: 2019-08-21 00:00-23:59 UTC
total number of suspected botnet IPs: 15752
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14996
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN632
2TencentCloud556
3DO-13505
4Baidu489
5KORNET318
6HINET-NET255
7VNPT-VN198
8OVH190
9MSFT187
10CHINANET-GD159

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3900
2United States2661
3France851
4India549
5Brazil515
6South Korea512
7Russian Federation488
8Viet Nam430
9Indonesia408
10Singapore324

Suspected Bot List [2019-08-21]

detection period: 2019-08-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 756

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
KE41.204.161.161Kenya
SE46.29.248.238Sweden
US18.85.192.253United States

List from TCP port scans:

Wednesday, August 21, 2019

Botnet Statistics [2019-08-20]

detection period: 2019-08-20 00:00-23:59 UTC
total number of suspected botnet IPs: 16664
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15895
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN622
2TencentCloud543
3DO-13536
4Baidu494
5KORNET329
6HINET-NET254
7MSFT198
8VNPT-VN196
9OVH187
10CHINANET-JS168

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3978
2United States2756
3France861
4Brazil681
5India604
6Russian Federation550
7South Korea532
8Viet Nam448
9Indonesia439
10Singapore356

Suspected Bot List [2019-08-20]

detection period: 2019-08-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 769

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
BG45.67.14.180Bulgaria
KE41.204.161.161Kenya
US45.55.42.17United States
US45.119.209.91United States
ZA102.132.255.241South Africa

List from TCP port scans:

Tuesday, August 20, 2019

Botnet Statistics [2019-08-19]

detection period: 2019-08-19 00:00-23:59 UTC
total number of suspected botnet IPs: 17425
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16579
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN647
2TencentCloud542
3DO-13528
4Baidu500
5KORNET334
6HINET-NET259
7VNPT-VN196
8MSFT191
9OVH188
10CHINANET-GD180

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4064
2United States2838
3France878
4India668
5Brazil614
6Russian Federation560
7South Korea552
8Viet Nam491
9Indonesia474
10Singapore354

Suspected Bot List [2019-08-19]

detection period: 2019-08-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 846

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
BR177.200.8.88Brazil

List from TCP port scans:

Monday, August 19, 2019

Botnet Statistics [2019-08-18]

detection period: 2019-08-18 00:00-23:59 UTC
total number of suspected botnet IPs: 16322
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15565
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN637
2TencentCloud545
3DO-13505
4Baidu484
5KORNET336
6HINET-NET276
7MSFT189
8OVH187
9CHINANET-GD186
10CMNET162

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3951
2United States2770
3France879
4Brazil563
5South Korea548
6Russian Federation539
7India536
8Indonesia378
9Germany371
10Singapore365

Suspected Bot List [2019-08-18]

detection period: 2019-08-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 757

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
BR187.102.146.102Brazil
MA197.247.50.131Morocco

List from TCP port scans:

Sunday, August 18, 2019

Botnet Statistics [2019-08-17]

detection period: 2019-08-17 00:00-23:59 UTC
total number of suspected botnet IPs: 16200
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15586
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN630
2TencentCloud518
3DO-13501
4Baidu475
5KORNET338
6HINET-NET212
7OVH191
8CHINANET-GD182
9MSFT169
10CMNET161

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3784
2United States2644
3France886
4Brazil635
5India620
6South Korea541
7Russian Federation509
8Viet Nam403
9Singapore346
10Indonesia346

Suspected Bot List [2019-08-17]

detection period: 2019-08-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 614

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, August 17, 2019

Botnet Statistics [2019-08-16]

detection period: 2019-08-16 00:00-23:59 UTC
total number of suspected botnet IPs: 16259
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15628
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN609
2TencentCloud479
3Baidu456
4DO-13444
5KORNET332
6HINET-NET305
7VNPT-VN210
8CHINANET-JS207
9OVH185
10CHINANET-GD172

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3733
2United States2554
3France862
4Brazil641
5India627
6Russian Federation551
7South Korea546
8Viet Nam480
9Indonesia426
10Taiwan371

Suspected Bot List [2019-08-16]

detection period: 2019-08-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 632

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
JP133.130.117.173Japan
US159.65.159.1United States

List from TCP port scans:

Friday, August 16, 2019

Botnet Statistics [2019-08-15]

detection period: 2019-08-15 00:00-23:59 UTC
total number of suspected botnet IPs: 16615
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15753
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN630
2TencentCloud493
3DO-13460
4Baidu457
5KORNET326
6HINET-NET278
7VNPT-VN218
8OVH185
9CHINANET-JS169
10CHINANET-GD165

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3825
2United States2734
3France895
4Brazil591
5South Korea541
6Russian Federation511
7Viet Nam504
8India501
9Indonesia442
10Singapore335

Suspected Bot List [2019-08-15]

detection period: 2019-08-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 862

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Thursday, August 15, 2019

Botnet Statistics [2019-08-14]

detection period: 2019-08-14 00:00-23:59 UTC
total number of suspected botnet IPs: 17295
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16410
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN616
2TencentCloud468
3DO-13467
4Baidu461
5KORNET325
6HINET-NET264
7VNPT-VN229
8OVH184
9CHINANET-GD176
10GLOBAL-FRAG-NETWORKS174

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3904
2United States2764
3France904
4India651
5Brazil651
6Viet Nam553
7South Korea546
8Russian Federation524
9Indonesia444
10Germany350

Suspected Bot List [2019-08-14]

detection period: 2019-08-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 885

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
DZ193.194.92.149Algeria
EG156.208.190.108Egypt

List from TCP port scans:

Wednesday, August 14, 2019

Botnet Statistics [2019-08-13]

detection period: 2019-08-13 00:00-23:59 UTC
total number of suspected botnet IPs: 16680
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15817
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN571
2TencentCloud445
3Baidu432
4DO-13430
5KORNET337
6HINET-NET239
7GLOBAL-FRAG-NETWORKS228
8VNPT-VN194
9OVH179
10CHINANET-GD176

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3629
2United States2888
3France862
4India599
5South Korea548
6Brazil547
7Russian Federation480
8Viet Nam471
9Indonesia436
10Germany399

Suspected Bot List [2019-08-13]

detection period: 2019-08-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 863

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
GB128.243.74.45United Kingdom
MU197.227.105.143Mauritius
SE46.29.248.238Sweden

List from TCP port scans:

Tuesday, August 13, 2019

Botnet Statistics [2019-08-12]

detection period: 2019-08-12 00:00-23:59 UTC
total number of suspected botnet IPs: 18029
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17085
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN575
2DO-13459
3TencentCloud454
4Baidu450
5KORNET352
6HINET-NET313
7GLOBAL-FRAG-NETWORKS240
8VNPT-VN213
9OVH186
10MSFT171

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China4029
2United States2936
3France921
4India632
5Brazil626
6South Korea587
7Russian Federation541
8Indonesia480
9Viet Nam479
10Singapore388

Suspected Bot List [2019-08-12]

detection period: 2019-08-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 944

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
US18.85.192.253United States

List from TCP port scans:

Monday, August 12, 2019

Botnet Statistics [2019-08-11]

detection period: 2019-08-11 00:00-23:59 UTC
total number of suspected botnet IPs: 13758
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13031
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13364
2Baidu356
3KORNET308
4TENCENT-CN270
5GLOBAL-FRAG-NETWORKS250
6HINET-NET210
7TencentCloud203
8AT-88-Z162
9CHINANET-JS149
10OVH148

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3059
2United States2311
3France681
4South Korea510
5Brazil459
6India450
7Russian Federation415
8Viet Nam343
9Singapore284
10Taiwan250

Suspected Bot List [2019-08-11]

detection period: 2019-08-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 727

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
BR187.102.146.102Brazil
SE46.29.248.238Sweden
SN154.124.68.66Senegal
US18.85.192.253United States

List from TCP port scans:

Sunday, August 11, 2019

Botnet Statistics [2019-08-10]

detection period: 2019-08-10 00:00-23:59 UTC
total number of suspected botnet IPs: 13880
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13163
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13360
2Baidu350
3KORNET297
4TENCENT-CN270
5HINET-NET214
6GLOBAL-FRAG-NETWORKS213
7TencentCloud208
8AT-88-Z198
9VNPT-VN165
10CHINANET-JS159

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2965
2United States2447
3France674
4India592
5South Korea499
6Brazil479
7Russian Federation430
8Viet Nam406
9Indonesia298
10Singapore281

Suspected Bot List [2019-08-10]

detection period: 2019-08-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 717

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Saturday, August 10, 2019

Botnet Statistics [2019-08-09]

detection period: 2019-08-09 00:00-23:59 UTC
total number of suspected botnet IPs: 14313
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13554
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13352
2Baidu352
3KORNET299
4TENCENT-CN273
5VNPT-VN259
6HINET-NET246
7AT-88-Z216
8TencentCloud199
9GLOBAL-FRAG-NETWORKS171
10CHINANET-JS147

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2970
2United States2436
3France664
4India562
5Viet Nam537
6South Korea481
7Brazil472
8Russian Federation436
9Indonesia354
10Taiwan285

Suspected Bot List [2019-08-09]

detection period: 2019-08-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 759

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Friday, August 9, 2019

Botnet Statistics [2019-08-08]

detection period: 2019-08-08 00:00-23:59 UTC
total number of suspected botnet IPs: 14448
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13716
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13365
2Baidu354
3KORNET294
4TENCENT-CN270
5GLOBAL-FRAG-NETWORKS250
6VNPT-VN228
7HINET-NET212
8TencentCloud196
9OVH152
10AT-88-Z146

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2978
2United States2373
3France698
4India566
5Viet Nam510
6South Korea477
7Brazil470
8Russian Federation436
9Indonesia378
10Singapore276

Suspected Bot List [2019-08-08]

detection period: 2019-08-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 732

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
KR211.118.42.251South Korea

List from TCP port scans:

Thursday, August 8, 2019

Botnet Statistics [2019-08-07]

detection period: 2019-08-07 00:00-23:59 UTC
total number of suspected botnet IPs: 14672
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13917
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13380
2Baidu363
3HINET-NET355
4KORNET280
5TENCENT-CN268
6AT-88-Z223
7VNPT-VN213
8TencentCloud198
9OVH157
10GLOBAL-FRAG-NETWORKS154

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2961
2United States2554
3France712
4India575
5Viet Nam503
6Brazil500
7South Korea463
8Russian Federation451
9Taiwan400
10Indonesia379

Suspected Bot List [2019-08-07]

detection period: 2019-08-07 00:00-23:59 UTC
number of suspected bots' IPs listed here: 755

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
KR211.118.42.251South Korea

List from TCP port scans:

Wednesday, August 7, 2019

Botnet Statistics [2019-08-06]

detection period: 2019-08-06 00:00-23:59 UTC
total number of suspected botnet IPs: 14610
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13823
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13387
2Baidu366
3TENCENT-CN302
4KORNET299
5HINET-NET275
6TencentCloud231
7VNPT-VN228
8GLOBAL-FRAG-NETWORKS172
9CHINANET-JS168
10MSFT156

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2897
2United States2598
3France732
4India611
5Viet Nam502
6Brazil495
7Russian Federation485
8South Korea484
9Indonesia384
10Taiwan315

Suspected Bot List [2019-08-06]

detection period: 2019-08-06 00:00-23:59 UTC
number of suspected bots' IPs listed here: 787

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
US18.21.176.208United States

List from TCP port scans:

Tuesday, August 6, 2019

Botnet Statistics [2019-08-05]

detection period: 2019-08-05 00:00-23:59 UTC
total number of suspected botnet IPs: 13785
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12996
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1DO-13387
2Baidu380
3TENCENT-CN323
4HINET-NET281
5KORNET275
6TencentCloud248
7VNPT-VN198
8OVH155
9MSFT153
10CHINANET-GD135

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China2832
2United States2429
3France751
4India565
5Viet Nam476
6South Korea445
7Brazil425
8Russian Federation377
9Indonesia361
10Singapore317

Suspected Bot List [2019-08-05]

detection period: 2019-08-05 00:00-23:59 UTC
number of suspected bots' IPs listed here: 789

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry

List from TCP port scans:

Monday, August 5, 2019

Botnet Statistics [2019-08-04]

detection period: 2019-08-04 00:00-23:59 UTC
total number of suspected botnet IPs: 13380
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 12693
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN479
2DO-13387
3TencentCloud383
4Baidu383
5HINET-NET292
6KORNET282
7GLOBAL-FRAG-NETWORKS224
8OVH150
9MSFT143
10AT-88-Z134

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3053
2United States2516
3France758
4South Korea459
5India430
6Brazil404
7Russian Federation377
8Taiwan326
9Singapore308
10Viet Nam278

Suspected Bot List [2019-08-04]

detection period: 2019-08-04 00:00-23:59 UTC
number of suspected bots' IPs listed here: 687

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country codeIP addressCountry

List from greylisting:


country codeIP addressCountry

List from SSH probes:

country codeIP addressCountry
KR203.252.68.87South Korea

List from TCP port scans:

Sunday, August 4, 2019

Botnet Statistics [2019-08-03]

detection period: 2019-08-03 00:00-23:59 UTC
total number of suspected botnet IPs: 14220
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13480
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

RankNetwork# of suspected botnet IPs
1TENCENT-CN513
2TencentCloud415
3DO-13398
4Baidu388
5HINET-NET339
6KORNET294
7GLOBAL-FRAG-NETWORKS196
8OVH158
9AT-88-Z151
10CHINANET-GD150

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

RankCountry/Region# of suspected botnet IPs
1China3237
2United States2524
3France751
4India519
5South Korea459
6Brazil426
7Viet Nam397
8Russian Federation383
9Taiwan376
10Singapore315