
Monday, September 30, 2019

Botnet Statistics [2019-09-29]

detection period: 2019-09-29 00:00-23:59 UTC
total number of suspected botnet IPs: 14153
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13533
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

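| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TENCENT-CN | 499 |
| 2 | TencentCloud | 465 |
| 3 | Baidu | 449 |
| 4 | HINET-NET | 366 |
| 5 | KORNET | 287 |
| 6 | DO-13 | 232 |
| 7 | DIGITALOCEAN-12 | 213 |
| 8 | OVH | 177 |
| 9 | CMNET | 146 |
| 10 | VNPT-VN | 140 |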

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

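| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3483 |
| 2 | United States | 1851 |
| 3 | France | 826 |
| 4 | Russian Federation | 584 |
| 5 | Brazil | 504 |
| 6 | South Korea | 472 |
| 7 | Taiwan | 434 |
| 8 | India | 419 |
| 9 | Viet Nam | 416 |
| 10 | Indonesia | 301 |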

The top 10 TCP ports, ordered by number of connection attempts received are:

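| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 3389 | 23962 |
| 2 | 22 | 20829 |
| 3 | 445 | 19470 |
| 4 | 23 | 16044 |
| 5 | 222 | 10273 |
| 6 | 7070 | 9921 |
| 7 | 7071 | 6975 |
| 8 | 954 | 6720 |
| 9 | 149 | 6683 |
| 10 | 8080 | 6576 |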

Suspected Bot List [2019-09-29]

detection period: 2019-09-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 620

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Sunday, September 29, 2019

Botnet Statistics [2019-09-28]

detection period: 2019-09-28 00:00-23:59 UTC
total number of suspected botnet IPs: 14450
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13824
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

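| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TENCENT-CN | 499 |
| 2 | TencentCloud | 471 |
| 3 | Baidu | 453 |
| 4 | HINET-NET | 367 |
| 5 | KORNET | 289 |
| 6 | DO-13 | 230 |
| 7 | DIGITALOCEAN-12 | 208 |
| 8 | VNPT-VN | 205 |
| 9 | OVH | 181 |
| 10 | CMNET | 154 |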

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

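| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3420 |
| 2 | United States | 1821 |
| 3 | France | 832 |
| 4 | Russian Federation | 587 |
| 5 | Brazil | 548 |
| 6 | India | 514 |
| 7 | Viet Nam | 513 |
| 8 | South Korea | 470 |
| 9 | Taiwan | 436 |
| 10 | Indonesia | 312 |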

The top 10 TCP ports, ordered by number of connection attempts received are:

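| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 22 | 17753 |
| 2 | 23 | 16526 |
| 3 | 445 | 14122 |
| 4 | 3389 | 10170 |
| 5 | 102 | 8611 |
| 6 | 1433 | 7464 |
| 7 | 5522 | 6893 |
| 8 | 6622 | 6148 |
| 9 | 8080 | 5383 |
| 10 | 725 | 5222 |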

Suspected Bot List [2019-09-28]

detection period: 2019-09-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 626

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| NG | 41.203.76.251 | Nigeria |
| ZA | 102.165.35.137 | South Africa |

List from TCP port scans:

Saturday, September 28, 2019

Botnet Statistics [2019-09-27]

detection period: 2019-09-27 00:00-23:59 UTC
total number of suspected botnet IPs: 14966
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14227
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

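| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TENCENT-CN | 506 |
| 2 | TencentCloud | 475 |
| 3 | Baidu | 458 |
| 4 | KORNET | 301 |
| 5 | DO-13 | 247 |
| 6 | HINET-NET | 241 |
| 7 | VNPT-VN | 224 |
| 8 | DIGITALOCEAN-12 | 198 |
| 9 | VIETTEL-VN | 175 |
| 10 | OVH | 174 |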

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

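| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3437 |
| 2 | United States | 1855 |
| 3 | France | 842 |
| 4 | Russian Federation | 635 |
| 5 | Viet Nam | 602 |
| 6 | Brazil | 571 |
| 7 | India | 552 |
| 8 | South Korea | 493 |
| 9 | Indonesia | 401 |
| 10 | Taiwan | 296 |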

The top 10 TCP ports, ordered by number of connection attempts received are:

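| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 22 | 18641 |
| 2 | 445 | 15430 |
| 3 | 23 | 13857 |
| 4 | 3389 | 11786 |
| 5 | 2200 | 7621 |
| 6 | 7070 | 6882 |
| 7 | 1122 | 6513 |
| 8 | 1433 | 6467 |
| 9 | 2222 | 6355 |
| 10 | 725 | 6049 |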

Suspected Bot List [2019-09-27]

detection period: 2019-09-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 739

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Friday, September 27, 2019

Botnet Statistics [2019-09-26]

detection period: 2019-09-26 00:00-23:59 UTC
total number of suspected botnet IPs: 15542
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14770
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

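| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TENCENT-CN | 514 |
| 2 | TencentCloud | 480 |
| 3 | Baidu | 453 |
| 4 | KORNET | 287 |
| 5 | VNPT-VN | 252 |
| 6 | HINET-NET | 247 |
| 7 | DO-13 | 241 |
| 8 | DIGITALOCEAN-12 | 218 |
| 9 | CMNET | 180 |
| 10 | VIETTEL-VN | 173 |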

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

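| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3566 |
| 2 | United States | 1954 |
| 3 | France | 796 |
| 4 | Brazil | 672 |
| 5 | Russian Federation | 669 |
| 6 | Viet Nam | 637 |
| 7 | India | 531 |
| 8 | South Korea | 478 |
| 9 | Indonesia | 441 |
| 10 | Taiwan | 314 |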

The top 10 TCP ports, ordered by number of connection attempts received are:

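| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 23182 |
| 2 | 1433 | 20598 |
| 3 | 23 | 17107 |
| 4 | 22 | 12117 |
| 5 | 221 | 10662 |
| 6 | 7070 | 9395 |
| 7 | 5038 | 9201 |
| 8 | 2200 | 8775 |
| 9 | 5900 | 7539 |
| 10 | 5000 | 7503 |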

Suspected Bot List [2019-09-26]

detection period: 2019-09-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 772

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| NG | 41.203.76.251 | Nigeria |
| NL | 185.244.25.205 | Netherlands |

List from TCP port scans:

Thursday, September 26, 2019

Botnet Statistics [2019-09-25]

detection period: 2019-09-25 00:00-23:59 UTC
total number of suspected botnet IPs: 15005
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14211
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

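| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TencentCloud | 433 |
| 2 | TENCENT-CN | 430 |
| 3 | Baidu | 429 |
| 4 | KORNET | 283 |
| 5 | VNPT-VN | 262 |
| 6 | HINET-NET | 257 |
| 7 | DIGITALOCEAN-12 | 204 |
| 8 | DO-13 | 200 |
| 9 | OVH | 170 |
| 10 | CMNET | 167 |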

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

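| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3373 |
| 2 | United States | 2023 |
| 3 | France | 746 |
| 4 | Russian Federation | 634 |
| 5 | Viet Nam | 628 |
| 6 | Brazil | 550 |
| 7 | India | 510 |
| 8 | South Korea | 465 |
| 9 | Indonesia | 424 |
| 10 | Taiwan | 320 |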

The top 10 TCP ports, ordered by number of connection attempts received are:

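| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 27474 |
| 2 | 23 | 15870 |
| 3 | 22 | 15628 |
| 4 | 5900 | 10374 |
| 5 | 5038 | 9625 |
| 6 | 8022 | 7647 |
| 7 | 1433 | 6695 |
| 8 | 3389 | 6379 |
| 9 | 2200 | 6099 |
| 10 | 7070 | 5666 |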

Suspected Bot List [2019-09-25]

detection period: 2019-09-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 794

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Wednesday, September 25, 2019

Botnet Statistics [2019-09-24]

detection period: 2019-09-24 00:00-23:59 UTC
total number of suspected botnet IPs: 15332
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14532
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

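| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | Baidu | 445 |
| 2 | TENCENT-CN | 433 |
| 3 | TencentCloud | 415 |
| 4 | DO-13 | 296 |
| 5 | KORNET | 284 |
| 6 | HINET-NET | 283 |
| 7 | VNPT-VN | 233 |
| 8 | DIGITALOCEAN-12 | 207 |
| 9 | AT-88-Z | 192 |
| 10 | OVH | 175 |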

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

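| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3412 |
| 2 | United States | 2248 |
| 3 | France | 796 |
| 4 | Brazil | 621 |
| 5 | Viet Nam | 601 |
| 6 | India | 593 |
| 7 | Russian Federation | 573 |
| 8 | South Korea | 482 |
| 9 | Indonesia | 404 |
| 10 | Taiwan | 346 |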

The top 10 TCP ports, ordered by number of connection attempts received are:

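| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 1433 | 23404 |
| 2 | 445 | 21966 |
| 3 | 22 | 21194 |
| 4 | 23 | 14164 |
| 5 | 3389 | 12455 |
| 6 | 5900 | 9013 |
| 7 | 8080 | 6044 |
| 8 | 700 | 5804 |
| 9 | 1821 | 5651 |
| 10 | 2022 | 5581 |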

Suspected Bot List [2019-09-24]

detection period: 2019-09-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 800

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| NL | 185.244.25.205 | Netherlands |
| ZA | 102.165.35.137 | South Africa |

List from TCP port scans:

Tuesday, September 24, 2019

Botnet Statistics [2019-09-23]

detection period: 2019-09-23 00:00-23:59 UTC
total number of suspected botnet IPs: 15584
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14672
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

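| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | Baidu | 448 |
| 2 | TENCENT-CN | 440 |
| 3 | TencentCloud | 412 |
| 4 | DO-13 | 331 |
| 5 | KORNET | 305 |
| 6 | HINET-NET | 291 |
| 7 | VNPT-VN | 247 |
| 8 | DIGITALOCEAN-12 | 220 |
| 9 | OVH | 181 |
| 10 | CMNET | 167 |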

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

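| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3451 |
| 2 | United States | 2272 |
| 3 | France | 803 |
| 4 | Russian Federation | 617 |
| 5 | Brazil | 613 |
| 6 | Viet Nam | 599 |
| 7 | India | 545 |
| 8 | South Korea | 503 |
| 9 | Indonesia | 424 |
| 10 | Taiwan | 352 |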

The top 10 TCP ports, ordered by number of connection attempts received are:

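| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 21956 |
| 2 | 22 | 16597 |
| 3 | 23 | 13288 |
| 4 | 22122 | 9983 |
| 5 | 5900 | 9085 |
| 6 | 3389 | 7057 |
| 7 | 8080 | 6147 |
| 8 | 25 | 5901 |
| 9 | 2022 | 5521 |
| 10 | 724 | 4992 |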

Suspected Bot List [2019-09-23]

detection period: 2019-09-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 912

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| IT | 37.130.156.36 | Italy |

List from TCP port scans:

Monday, September 23, 2019

Botnet Statistics [2019-09-22]

detection period: 2019-09-22 00:00-23:59 UTC
total number of suspected botnet IPs: 15380
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14623
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

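| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | Baidu | 451 |
| 2 | TENCENT-CN | 448 |
| 3 | TencentCloud | 425 |
| 4 | DO-13 | 403 |
| 5 | KORNET | 312 |
| 6 | HINET-NET | 283 |
| 7 | DIGITALOCEAN-12 | 221 |
| 8 | VNPT-VN | 195 |
| 9 | OVH | 189 |
| 10 | AFRINIC-042005 | 160 |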

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

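| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3318 |
| 2 | United States | 2411 |
| 3 | France | 876 |
| 4 | Russian Federation | 647 |
| 5 | Brazil | 586 |
| 6 | South Korea | 527 |
| 7 | Viet Nam | 502 |
| 8 | India | 441 |
| 9 | Taiwan | 349 |
| 10 | Singapore | 332 |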

The top 10 TCP ports, ordered by number of connection attempts received are:

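| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 22 | 21889 |
| 2 | 445 | 18673 |
| 3 | 23 | 13860 |
| 4 | 5900 | 7547 |
| 5 | 222 | 7175 |
| 6 | 913 | 5100 |
| 7 | 937 | 4942 |
| 8 | 2563 | 4939 |
| 9 | 2022 | 4902 |
| 10 | 8080 | 4838 |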

Suspected Bot List [2019-09-22]

detection period: 2019-09-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 757

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| NL | 185.244.25.205 | Netherlands |
| ZA | 155.93.250.199 | South Africa |

List from TCP port scans:

Sunday, September 22, 2019

Botnet Statistics [2019-09-21]

detection period: 2019-09-21 00:00-23:59 UTC
total number of suspected botnet IPs: 16813
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16053
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

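| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | Baidu | 460 |
| 2 | TENCENT-CN | 442 |
| 3 | TencentCloud | 433 |
| 4 | DO-13 | 384 |
| 5 | KORNET | 338 |
| 6 | HINET-NET | 275 |
| 7 | DIGITALOCEAN-12 | 218 |
| 8 | VNPT-VN | 198 |
| 9 | OVH | 179 |
| 10 | CMNET | 161 |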

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

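| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3428 |
| 2 | United States | 2333 |
| 3 | France | 860 |
| 4 | Russian Federation | 633 |
| 5 | Brazil | 596 |
| 6 | India | 548 |
| 7 | South Korea | 535 |
| 8 | Viet Nam | 513 |
| 9 | Indonesia | 352 |
| 10 | Taiwan | 336 |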

The top 10 TCP ports, ordered by number of connection attempts received are:

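| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 23147 |
| 2 | 22 | 17489 |
| 3 | 23 | 13612 |
| 4 | 5900 | 7625 |
| 5 | 2020 | 6241 |
| 6 | 2022 | 5617 |
| 7 | 674 | 5207 |
| 8 | 147 | 5002 |
| 9 | 700 | 4865 |
| 10 | 8080 | 4843 |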

Suspected Bot List [2019-09-21]

detection period: 2019-09-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 816

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| EG | 156.222.61.72 | Egypt |
| MU | 197.227.103.183 | Mauritius |

List from TCP port scans:

Saturday, September 21, 2019

Botnet Statistics [2019-09-20]

detection period: 2019-09-20 00:00-23:59 UTC
total number of suspected botnet IPs: 16813
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 16053
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

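| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | Baidu | 469 |
| 2 | TENCENT-CN | 446 |
| 3 | TencentCloud | 441 |
| 4 | DO-13 | 410 |
| 5 | KORNET | 344 |
| 6 | HINET-NET | 311 |
| 7 | VNPT-VN | 254 |
| 8 | DIGITALOCEAN-12 | 209 |
| 9 | OVH | 192 |
| 10 | 02.558.157/0001-62 | 172 |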

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

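| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3486 |
| 2 | United States | 2534 |
| 3 | France | 906 |
| 4 | Brazil | 690 |
| 5 | Russian Federation | 673 |
| 6 | India | 616 |
| 7 | Viet Nam | 608 |
| 8 | South Korea | 560 |
| 9 | Indonesia | 398 |
| 10 | Taiwan | 387 |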

The top 10 TCP ports, ordered by number of connection attempts received are:

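| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 22 | 18955 |
| 2 | 23 | 14561 |
| 3 | 445 | 12968 |
| 4 | 2222 | 11326 |
| 5 | 5900 | 8236 |
| 6 | 8022 | 7933 |
| 7 | 3002 | 5948 |
| 8 | 8080 | 5823 |
| 9 | 2022 | 5211 |
| 10 | 6379 | 5149 |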

Suspected Bot List [2019-09-20]

detection period: 2019-09-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 760

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Friday, September 20, 2019

Botnet Statistics [2019-09-19]

detection period: 2019-09-19 00:00-23:59 UTC
total number of suspected botnet IPs: 18184
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 17390
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

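| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | DO-13 | 478 |
| 2 | Baidu | 463 |
| 3 | TENCENT-CN | 448 |
| 4 | TencentCloud | 432 |
| 5 | KORNET | 346 |
| 6 | HINET-NET | 337 |
| 7 | VNPT-VN | 265 |
| 8 | DIGITALOCEAN-12 | 217 |
| 9 | VIETTEL-VN | 195 |
| 10 | OVH | 192 |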

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

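| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3734 |
| 2 | United States | 2861 |
| 3 | France | 943 |
| 4 | Brazil | 747 |
| 5 | Russian Federation | 730 |
| 6 | India | 709 |
| 7 | Viet Nam | 685 |
| 8 | South Korea | 575 |
| 9 | Indonesia | 455 |
| 10 | Taiwan | 399 |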

The top 10 TCP ports, ordered by number of connection attempts received are:

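| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 18579 |
| 2 | 22 | 16641 |
| 3 | 23 | 15724 |
| 4 | 6379 | 10471 |
| 5 | 5000 | 8688 |
| 6 | 3002 | 8659 |
| 7 | 7070 | 8603 |
| 8 | 8000 | 8262 |
| 9 | 5900 | 8043 |
| 10 | 22222 | 6466 |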

Suspected Bot List [2019-09-19]

detection period: 2019-09-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 794

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| DE | 116.203.218.159 | Germany |
| ES | 81.42.219.153 | Spain |
| MU | 105.21.33.2 | Mauritius |

List from TCP port scans:

Thursday, September 19, 2019

Botnet Statistics [2019-09-18]

detection period: 2019-09-18 00:00-23:59 UTC
total number of suspected botnet IPs: 15627
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14905
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

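| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | Baidu | 425 |
| 2 | DO-13 | 409 |
| 3 | HINET-NET | 301 |
| 4 | TENCENT-CN | 300 |
| 5 | TencentCloud | 291 |
| 6 | KORNET | 288 |
| 7 | VNPT-VN | 262 |
| 8 | DIGITALOCEAN-12 | 219 |
| 9 | OVH | 179 |
| 10 | TELKOMNET | 152 |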

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

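| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3217 |
| 2 | United States | 2434 |
| 3 | France | 773 |
| 4 | Russian Federation | 650 |
| 5 | India | 642 |
| 6 | Viet Nam | 622 |
| 7 | Brazil | 599 |
| 8 | South Korea | 481 |
| 9 | Indonesia | 471 |
| 10 | Taiwan | 350 |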

The top 10 TCP ports, ordered by number of connection attempts received are:

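| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 24010 |
| 2 | 22 | 18720 |
| 3 | 23 | 16953 |
| 4 | 5038 | 12480 |
| 5 | 6379 | 9962 |
| 6 | 5900 | 8350 |
| 7 | 3002 | 7875 |
| 8 | 1122 | 5934 |
| 9 | 8080 | 5264 |
| 10 | 729 | 5237 |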

Suspected Bot List [2019-09-18]

detection period: 2019-09-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 722

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| ES | 83.44.249.18 | Spain |
| NL | 185.244.25.171 | Netherlands |

List from TCP port scans:

Wednesday, September 18, 2019

Botnet Statistics [2019-09-17]

detection period: 2019-09-17 00:00-23:59 UTC
total number of suspected botnet IPs: 15752
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15006
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

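| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | DO-13 | 419 |
| 2 | Baidu | 416 |
| 3 | TENCENT-CN | 310 |
| 4 | KORNET | 302 |
| 5 | TencentCloud | 292 |
| 6 | HINET-NET | 267 |
| 7 | VNPT-VN | 248 |
| 8 | DIGITALOCEAN-12 | 211 |
| 9 | CHINANET-GD | 172 |
| 10 | OVH | 169 |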

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

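| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3458 |
| 2 | United States | 2458 |
| 3 | France | 743 |
| 4 | Russian Federation | 644 |
| 5 | India | 614 |
| 6 | Brazil | 585 |
| 7 | Viet Nam | 567 |
| 8 | South Korea | 503 |
| 9 | Indonesia | 472 |
| 10 | Taiwan | 330 |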

The top 10 TCP ports, ordered by number of connection attempts received are:

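| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 5038 | 25998 |
| 2 | 5000 | 23511 |
| 3 | 7070 | 23507 |
| 4 | 8000 | 23248 |
| 5 | 22 | 23190 |
| 6 | 7000 | 20605 |
| 7 | 445 | 16543 |
| 8 | 23 | 16257 |
| 9 | 22222 | 12659 |
| 10 | 5900 | 6619 |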

Suspected Bot List [2019-09-17]

detection period: 2019-09-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 746

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| ZA | 102.165.35.4 | South Africa |
| ZA | 169.0.226.142 | South Africa |

List from TCP port scans:

Tuesday, September 17, 2019

Botnet Statistics [2019-09-16]

detection period: 2019-09-16 00:00-23:59 UTC
total number of suspected botnet IPs: 15985
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15304
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

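| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | DO-13 | 447 |
| 2 | Baidu | 428 |
| 3 | TENCENT-CN | 304 |
| 4 | KORNET | 298 |
| 5 | HINET-NET | 296 |
| 6 | TencentCloud | 291 |
| 7 | DIGITALOCEAN-12 | 246 |
| 8 | VNPT-VN | 212 |
| 9 | OVH | 169 |
| 10 | CMNET | 169 |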

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

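| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3536 |
| 2 | United States | 2588 |
| 3 | France | 797 |
| 4 | Russian Federation | 645 |
| 5 | Brazil | 608 |
| 6 | India | 567 |
| 7 | Viet Nam | 531 |
| 8 | South Korea | 504 |
| 9 | Indonesia | 416 |
| 10 | Taiwan | 347 |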

The top 10 TCP ports, ordered by number of connection attempts received are:

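| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 23643 |
| 2 | 23 | 19708 |
| 3 | 22 | 19266 |
| 4 | 2126 | 5802 |
| 5 | 2022 | 5763 |
| 6 | 149 | 5406 |
| 7 | 2200 | 5248 |
| 8 | 8080 | 5210 |
| 9 | 420 | 5178 |
| 10 | 724 | 5117 |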

Suspected Bot List [2019-09-16]

detection period: 2019-09-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 681

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Monday, September 16, 2019

Botnet Statistics [2019-09-15]

detection period: 2019-09-15 00:00-23:59 UTC
total number of suspected botnet IPs: 15108
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14480
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

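| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | DO-13 | 461 |
| 2 | Baidu | 420 |
| 3 | HINET-NET | 352 |
| 4 | TENCENT-CN | 306 |
| 5 | KORNET | 297 |
| 6 | TencentCloud | 289 |
| 7 | DIGITALOCEAN-12 | 240 |
| 8 | OVH | 170 |
| 9 | CHINANET-GD | 156 |
| 10 | VNPT-VN | 155 |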

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

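| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3372 |
| 2 | United States | 2465 |
| 3 | France | 830 |
| 4 | Russian Federation | 629 |
| 5 | Brazil | 538 |
| 6 | South Korea | 512 |
| 7 | India | 448 |
| 8 | Viet Nam | 427 |
| 9 | Taiwan | 406 |
| 10 | Singapore | 312 |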

The top 10 TCP ports, ordered by number of connection attempts received are:

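| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 23 | 23070 |
| 2 | 445 | 23060 |
| 3 | 22 | 17422 |
| 4 | 3389 | 8309 |
| 5 | 1724 | 5587 |
| 6 | 7072 | 5567 |
| 7 | 674 | 5563 |
| 8 | 408 | 5315 |
| 9 | 633 | 5274 |
| 10 | 7077 | 5198 |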

Suspected Bot List [2019-09-15]

detection period: 2019-09-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 628

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Sunday, September 15, 2019

Botnet Statistics [2019-09-14]

detection period: 2019-09-14 00:00-23:59 UTC
total number of suspected botnet IPs: 15060
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14442
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

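| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | DO-13 | 491 |
| 2 | Baidu | 416 |
| 3 | TENCENT-CN | 401 |
| 4 | TencentCloud | 381 |
| 5 | HINET-NET | 304 |
| 6 | KORNET | 281 |
| 7 | DIGITALOCEAN-12 | 212 |
| 8 | VNPT-VN | 190 |
| 9 | OVH | 177 |
| 10 | 02.558.157/0001-62 | 142 |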

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

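| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3373 |
| 2 | United States | 2507 |
| 3 | France | 785 |
| 4 | Russian Federation | 568 |
| 5 | Brazil | 559 |
| 6 | India | 554 |
| 7 | Viet Nam | 508 |
| 8 | South Korea | 483 |
| 9 | Taiwan | 348 |
| 10 | Singapore | 329 |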

The top 10 TCP ports, ordered by number of connection attempts received are:

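| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 40223 |
| 2 | 23 | 19066 |
| 3 | 22 | 16224 |
| 4 | 2222 | 6618 |
| 5 | 8080 | 5985 |
| 6 | 2022 | 5795 |
| 7 | 674 | 5338 |
| 8 | 1400 | 5338 |
| 9 | 719 | 5319 |
| 10 | 921 | 5018 |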

Suspected Bot List [2019-09-14]

detection period: 2019-09-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 618

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| GR | 150.140.135.202 | Greece |
| TN | 102.152.53.54 | Tunisia |
| ZA | 165.73.113.139 | South Africa |

List from TCP port scans:

Saturday, September 14, 2019

Botnet Statistics [2019-09-13]

detection period: 2019-09-13 00:00-23:59 UTC
total number of suspected botnet IPs: 15613
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14784
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

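| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | DO-13 | 475 |
| 2 | TENCENT-CN | 456 |
| 3 | Baidu | 408 |
| 4 | TencentCloud | 406 |
| 5 | KORNET | 291 |
| 6 | DIGITALOCEAN-12 | 260 |
| 7 | HINET-NET | 251 |
| 8 | VNPT-VN | 234 |
| 9 | OVH | 174 |
| 10 | VIETTEL-VN | 151 |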

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

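| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 3387 |
| 2 | United States | 2509 |
| 3 | France | 805 |
| 4 | Russian Federation | 644 |
| 5 | Viet Nam | 615 |
| 6 | India | 597 |
| 7 | Brazil | 513 |
| 8 | South Korea | 487 |
| 9 | Indonesia | 390 |
| 10 | Singapore | 332 |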

The top 10 TCP ports, ordered by number of connection attempts received are:

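| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 23 | 22005 |
| 2 | 445 | 17177 |
| 3 | 22 | 13610 |
| 4 | 2022 | 6866 |
| 5 | 8080 | 6104 |
| 6 | 1400 | 5893 |
| 7 | 1433 | 5646 |
| 8 | 690 | 5310 |
| 9 | 724 | 5306 |
| 10 | 674 | 5256 |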

Suspected Bot List [2019-09-13]

detection period: 2019-09-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 829

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

| country code | IP address | Country |
| --- | --- | --- |
| ZA | 160.119.141.196 | South Africa |

List from TCP port scans:

Friday, September 13, 2019

Botnet Statistics [2019-09-12]

detection period: 2019-09-12 00:00-23:59 UTC
total number of suspected botnet IPs: 14175
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 13530
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

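| Rank | Network | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | TENCENT-CN | 354 |
| 2 | TencentCloud | 338 |
| 3 | Baidu | 323 |
| 4 | HINET-NET | 312 |
| 5 | DO-13 | 291 |
| 6 | DIGITALOCEAN-12 | 283 |
| 7 | VNPT-VN | 275 |
| 8 | KORNET | 239 |
| 9 | VIETTEL-VN | 155 |
| 10 | 02.558.157/0001-62 | 148 |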

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

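| Rank | Country/Region | # of suspected botnet IPs |
| --- | --- | --- |
| 1 | China | 2894 |
| 2 | United States | 2108 |
| 3 | France | 663 |
| 4 | Viet Nam | 639 |
| 5 | Russian Federation | 624 |
| 6 | Brazil | 596 |
| 7 | India | 531 |
| 8 | South Korea | 401 |
| 9 | Indonesia | 389 |
| 10 | Taiwan | 377 |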

The top 10 TCP ports, ordered by number of connection attempts received are:

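| Rank | TCP port number | # of connection attempts received |
| --- | --- | --- |
| 1 | 445 | 28208 |
| 2 | 23 | 26313 |
| 3 | 222 | 19612 |
| 4 | 22 | 19318 |
| 5 | 2222 | 12708 |
| 6 | 22222 | 9307 |
| 7 | 2022 | 9090 |
| 8 | 81 | 5673 |
| 9 | 7046 | 5449 |
| 10 | 1400 | 5306 |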

Suspected Bot List [2019-09-12]

detection period: 2019-09-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 645

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Thursday, September 12, 2019

Botnet Statistics [2019-09-11]

detection period: 2019-09-11 00:00-23:59 UTC
total number of suspected botnet IPs: 10358
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 9864
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

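| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | DIGITALOCEAN-12 | 332 |
| 2 | HINET-NET | 297 |
| 3 | VNPT-VN | 238 |
| 4 | KORNET | 214 |
| 5 | DIGITALOCEAN-15 | 163 |
| 6 | VIETTEL-VN | 142 |
| 7 | DO-13 | 140 |
| 8 | TENCENT-CN | 125 |
| 9 | 02.558.157/0001-62 | 121 |
| 10 | Baidu | 114 |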

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

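| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1662 |
| 2 | United States | 1581 |
| 3 | Viet Nam | 536 |
| 4 | Russian Federation | 486 |
| 5 | Brazil | 475 |
| 6 | India | 419 |
| 7 | France | 367 |
| 8 | Taiwan | 365 |
| 9 | South Korea | 328 |
| 10 | Indonesia | 308 |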

The top 10 TCP ports, ordered by number of connection attempts received are:

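| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 36968 |
| 2 | 23 | 26849 |
| 3 | 22 | 18440 |
| 4 | 22222 | 17305 |
| 5 | 222 | 16673 |
| 6 | 2222 | 15582 |
| 7 | 1433 | 9744 |
| 8 | 5038 | 5736 |
| 9 | 81 | 5353 |
| 10 | 674 | 4685 |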

Suspected Bot List [2019-09-11]

detection period: 2019-09-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 494

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:


| Country code | IP address | Country |
|---|---|---|

List from SSH probes:

| Country code | IP address | Country |
|---|---|---|

List from TCP port scans:

Wednesday, September 11, 2019

Botnet Statistics [2019-09-10]

detection period: 2019-09-10 00:00-23:59 UTC
total number of suspected botnet IPs: 10400
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 9954
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

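| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HINET-NET | 282 |
| 2 | DIGITALOCEAN-12 | 277 |
| 3 | VNPT-VN | 246 |
| 4 | KORNET | 228 |
| 5 | DIGITALOCEAN-15 | 164 |
| 6 | VIETTEL-VN | 139 |
| 7 | TELKOMNET | 138 |
| 8 | DO-13 | 136 |
| 9 | 02.558.157/0001-62 | 121 |
| 10 | TencentCloud | 111 |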

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

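| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 1638 |
| 2 | United States | 1601 |
| 3 | Viet Nam | 537 |
| 4 | Russian Federation | 516 |
| 5 | Brazil | 501 |
| 6 | India | 379 |
| 7 | France | 374 |
| 8 | South Korea | 351 |
| 9 | Indonesia | 345 |
| 10 | Taiwan | 342 |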

The top 10 TCP ports, ordered by number of connection attempts received are:

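| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 30228 |
| 2 | 23 | 27963 |
| 3 | 22 | 15743 |
| 4 | 2222 | 14855 |
| 5 | 222 | 12507 |
| 6 | 5038 | 11451 |
| 7 | 22222 | 11162 |
| 8 | 8000 | 9375 |
| 9 | 7070 | 8993 |
| 10 | 3022 | 7187 |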

Suspected Bot List [2019-09-10]

detection period: 2019-09-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 446

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:


| Country code | IP address | Country |
|---|---|---|

List from SSH probes:

| Country code | IP address | Country |
|---|---|---|

List from TCP port scans:

Tuesday, September 10, 2019

Botnet Statistics [2019-09-09]

detection period: 2019-09-09 00:00-23:59 UTC
total number of suspected botnet IPs: 12191
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 11679
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

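| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | VNPT-VN | 311 |
| 2 | DIGITALOCEAN-12 | 286 |
| 3 | HINET-NET | 273 |
| 4 | KORNET | 223 |
| 5 | TencentCloud | 180 |
| 6 | TENCENT-CN | 171 |
| 7 | DIGITALOCEAN-15 | 171 |
| 8 | AT-88-Z | 166 |
| 9 | Baidu | 165 |
| 10 | DO-13 | 164 |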

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

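| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 2024 |
| 2 | United States | 2005 |
| 3 | Viet Nam | 660 |
| 4 | Russian Federation | 599 |
| 5 | India | 520 |
| 6 | Brazil | 503 |
| 7 | France | 410 |
| 8 | Indonesia | 397 |
| 9 | South Korea | 343 |
| 10 | Taiwan | 336 |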

The top 10 TCP ports, ordered by number of connection attempts received are:

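| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 3022 | 37395 |
| 2 | 23 | 23874 |
| 3 | 445 | 23030 |
| 4 | 22 | 18491 |
| 5 | 2222 | 12593 |
| 6 | 5900 | 11927 |
| 7 | 222 | 11206 |
| 8 | 81 | 9813 |
| 9 | 22222 | 9315 |
| 10 | 7046 | 7404 |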

Suspected Bot List [2019-09-09]

detection period: 2019-09-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 512

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| Country code | IP address | Country |
|---|---|---|

List from greylisting:


| Country code | IP address | Country |
|---|---|---|

List from SSH probes:

| Country code | IP address | Country |
|---|---|---|

List from TCP port scans:

Monday, September 9, 2019

Botnet Statistics [2019-09-08]

detection period: 2019-09-08 00:00-23:59 UTC
total number of suspected botnet IPs: 15505
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14910
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

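| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | DO-13 | 476 |
| 2 | TENCENT-CN | 475 |
| 3 | Baidu | 415 |
| 4 | TencentCloud | 402 |
| 5 | KORNET | 297 |
| 6 | DIGITALOCEAN-12 | 261 |
| 7 | HINET-NET | 257 |
| 8 | AT-88-Z | 239 |
| 9 | VNPT-VN | 217 |
| 10 | DIGITALOCEAN-15 | 182 |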

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

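| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 3373 |
| 2 | United States | 2853 |
| 3 | France | 791 |
| 4 | Brazil | 638 |
| 5 | Russian Federation | 626 |
| 6 | Viet Nam | 505 |
| 7 | South Korea | 477 |
| 8 | India | 467 |
| 9 | Indonesia | 327 |
| 10 | Taiwan | 313 |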

The top 10 TCP ports, ordered by number of connection attempts received are:

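| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 23 | 23077 |
| 2 | 445 | 20389 |
| 3 | 22 | 14635 |
| 4 | 3389 | 10563 |
| 5 | 5900 | 9079 |
| 6 | 700 | 6767 |
| 7 | 2200 | 6686 |
| 8 | 3022 | 6610 |
| 9 | 674 | 6007 |
| 10 | 2222 | 5940 |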