Daily Botnet Statistics: October 2019

Thursday, October 31, 2019

Botnet Statistics [2019-10-30]

detection period: 2019-10-30 00:00-23:59 UTC
total number of suspected botnet IPs: 15842
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15280
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	627
2	TencentCloud	584
3	TENCENT-CN	572
4	KORNET	322
5	CMNET	257
6	HINET-NET	255
7	VNPT-VN	245
8	DO-13	236
9	VIETTEL-VN	191
10	DIGITALOCEAN-12	180

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4548
2	United States	1949
3	France	764
4	Viet Nam	691
5	Russian Federation	619
6	India	546
7	Brazil	536
8	Indonesia	488
9	South Korea	485
10	Taiwan	333

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	999	47531
2	445	18264
3	22	17506
4	23	13038
5	5038	9989
6	611	7559
7	4022	7558
8	991	7132
9	1000	6948
10	9112	6819

Suspected Bot List [2019-10-30]

detection period: 2019-10-30 00:00-23:59 UTC
number of suspected bots' IPs listed here: 562

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country

List from TCP port scans:

Botnet Statistics [2019-10-29]

detection period: 2019-10-29 00:00-23:59 UTC
total number of suspected botnet IPs: 16480
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15837
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	628
2	TencentCloud	589
3	TENCENT-CN	570
4	KORNET	303
5	VNPT-VN	258
6	HINET-NET	250
7	CMNET	246
8	DO-13	241
9	DIGITALOCEAN-12	233
10	OVH	173

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4612
2	United States	2085
3	France	784
4	Viet Nam	707
5	Russian Federation	613
6	Brazil	603
7	India	557
8	Indonesia	504
9	South Korea	469
10	Singapore	313

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	999	36974
2	445	19016
3	22	16673
4	23	13903
5	1212	9554
6	1000	8206
7	9165	7910
8	3389	7137
9	21	7135
10	611	7061

Suspected Bot List [2019-10-29]

detection period: 2019-10-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 643

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
ES	83.52.70.229	Spain
KR	210.103.97.135	South Korea
NG	41.87.80.26	Nigeria

List from TCP port scans:

Botnet Statistics [2019-10-28]

detection period: 2019-10-28 00:00-23:59 UTC
total number of suspected botnet IPs: 16604
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15975
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	640
2	TencentCloud	598
3	TENCENT-CN	578
4	KORNET	302
5	VNPT-VN	270
6	DO-13	262
7	HINET-NET	248
8	CMNET	231
9	DIGITALOCEAN-12	208
10	ALISOFT	182

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4546
2	United States	2166
3	France	806
4	Viet Nam	696
5	Russian Federation	684
6	Brazil	570
7	India	528
8	South Korea	464
9	Indonesia	457
10	Singapore	318

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	25951
2	22	16528
3	23	14137
4	4022	7605
5	1433	6928
6	9001	6916
7	3389	6764
8	5900	6390
9	2712	6375
10	9000	6323

Suspected Bot List [2019-10-28]

detection period: 2019-10-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 629

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country

List from TCP port scans:

Botnet Statistics [2019-10-27]

detection period: 2019-10-27 00:00-23:59 UTC
total number of suspected botnet IPs: 15965
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15381
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	643
2	TencentCloud	597
3	TENCENT-CN	576
4	KORNET	318
5	DO-13	280
6	CMNET	208
7	DIGITALOCEAN-12	196
8	OVH	183
9	CHINANET-JS	168
10	CHINANET-GD	166

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4548
2	United States	2186
3	France	869
4	Russian Federation	610
5	Brazil	524
6	Viet Nam	513
7	South Korea	493
8	India	468
9	Indonesia	366
10	Singapore	337

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	41612
2	22	22354
3	23	16599
4	2222	10444
5	1221	8735
6	5000	8402
7	3389	7976
8	27	7801
9	4022	7667
10	22122	7506

Suspected Bot List [2019-10-27]

detection period: 2019-10-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 584

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
GH	197.251.207.20	Ghana

List from TCP port scans:

Botnet Statistics [2019-10-26]

detection period: 2019-10-26 00:00-23:59 UTC
total number of suspected botnet IPs: 15987
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15422
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	624
2	TENCENT-CN	581
3	TencentCloud	575
4	KORNET	306
5	DO-13	257
6	DIGITALOCEAN-12	229
7	CMNET	228
8	OVH	185
9	HINET-NET	180
10	VNPT-VN	173

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4443
2	United States	2131
3	France	831
4	Russian Federation	622
5	India	567
6	Viet Nam	545
7	Brazil	529
8	South Korea	475
9	Indonesia	416
10	Singapore	333

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	40125
2	22	24822
3	23	13334
4	2	10236
5	2277	8304
6	4022	7716
7	9001	6676
8	9006	6244
9	2161	6195
10	2709	6121

Suspected Bot List [2019-10-26]

detection period: 2019-10-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 565

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
CA	51.79.123.194	Canada

List from TCP port scans:

Botnet Statistics [2019-10-25]

detection period: 2019-10-25 00:00-23:59 UTC
total number of suspected botnet IPs: 15265
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14649
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	525
2	TencentCloud	507
3	TENCENT-CN	505
4	KORNET	290
5	VNPT-VN	236
6	DO-13	228
7	CMNET	207
8	DIGITALOCEAN-12	202
9	HINET-NET	179
10	OVH	171

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4130
2	United States	1933
3	France	745
4	Viet Nam	643
5	India	611
6	Russian Federation	605
7	Brazil	531
8	Indonesia	439
9	South Korea	436
10	Singapore	296

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	2	80172
2	445	33606
3	22	15258
4	23	14774
5	4022	8108
6	7070	8106
7	3389	6754
8	1433	6439
9	9006	6412
10	2701	6157

Suspected Bot List [2019-10-25]

detection period: 2019-10-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 616

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
CA	184.67.105.182	Canada
ZA	197.97.230.163	South Africa

List from TCP port scans:

Botnet Statistics [2019-10-24]

detection period: 2019-10-24 00:00-23:59 UTC
total number of suspected botnet IPs: 15600
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14996
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	531
2	TENCENT-CN	511
3	TencentCloud	497
4	KORNET	276
5	VNPT-VN	243
6	CMNET	238
7	DIGITALOCEAN-12	218
8	DO-13	217
9	HINET-NET	189
10	OVH	167

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4337
2	United States	1842
3	France	726
4	Viet Nam	670
5	India	660
6	Russian Federation	592
7	Brazil	545
8	Indonesia	461
9	South Korea	421
10	Singapore	290

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	2	79434
2	445	20017
3	23	17741
4	22	15483
5	21	13512
6	5038	8845
7	4022	8128
8	1433	6981
9	2712	6315
10	2710	5914

Suspected Bot List [2019-10-24]

detection period: 2019-10-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 604

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
DE	116.203.156.230	Germany
MX	189.254.33.157	Mexico
PK	58.65.135.98	Pakistan

List from TCP port scans:

Botnet Statistics [2019-10-23]

detection period: 2019-10-23 00:00-23:59 UTC
total number of suspected botnet IPs: 15705
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15089
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	523
2	TENCENT-CN	510
3	TencentCloud	506
4	KORNET	273
5	VNPT-VN	268
6	DO-13	234
7	DIGITALOCEAN-12	222
8	CMNET	216
9	HINET-NET	191
10	VIETTEL-VN	185

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4072
2	United States	1987
3	France	744
4	Viet Nam	718
5	India	664
6	Russian Federation	646
7	Brazil	540
8	Indonesia	474
9	South Korea	441
10	Singapore	289

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	2	77829
2	445	26749
3	5900	20584
4	23	17023
5	22	14702
6	1433	8814
7	4022	7910
8	9001	6461
9	2712	6166
10	2738	5978

Suspected Bot List [2019-10-23]

detection period: 2019-10-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 616

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country

List from TCP port scans:

Botnet Statistics [2019-10-22]

detection period: 2019-10-22 00:00-23:59 UTC
total number of suspected botnet IPs: 15679
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15025
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	525
2	TENCENT-CN	516
3	TencentCloud	515
4	KORNET	304
5	VNPT-VN	255
6	DO-13	233
7	HINET-NET	224
8	CMNET	218
9	DIGITALOCEAN-12	205
10	VIETTEL-VN	187

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	3974
2	United States	2012
3	France	753
4	Viet Nam	681
5	Russian Federation	631
6	India	621
7	Brazil	538
8	Indonesia	488
9	South Korea	462
10	Singapore	297

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	2	76349
2	445	19039
3	22	15154
4	23	13015
5	9001	8441
6	4022	8010
7	1433	7363
8	2710	6612
9	2161	6332
10	962	6080

Suspected Bot List [2019-10-22]

detection period: 2019-10-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 654

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
CA	184.67.105.182	Canada
ES	80.28.238.53	Spain
FR	89.80.167.76	France

List from TCP port scans:

Botnet Statistics [2019-10-21]

detection period: 2019-10-21 00:00-23:59 UTC
total number of suspected botnet IPs: 16477
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15847
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	530
2	TencentCloud	504
3	TENCENT-CN	502
4	VNPT-VN	307
5	HINET-NET	299
6	KORNET	288
7	DO-13	221
8	CMNET	218
9	DIGITALOCEAN-12	216
10	VIETTEL-VN	202

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4041
2	United States	2115
3	France	765
4	Viet Nam	732
5	Russian Federation	706
6	India	625
7	Brazil	579
8	Indonesia	527
9	South Korea	450
10	Taiwan	381

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	23	17182
2	22	16461
3	445	11433
4	1433	8777
5	9001	8564
6	4022	8043
7	2704	6936
8	2710	6785
9	2712	6687
10	7070	6570

Suspected Bot List [2019-10-21]

detection period: 2019-10-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 630

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
ES	83.56.9.1	Spain

List from TCP port scans:

Botnet Statistics [2019-10-20]

detection period: 2019-10-20 00:00-23:59 UTC
total number of suspected botnet IPs: 15354
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 14794
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	TencentCloud	517
2	Baidu	507
3	TENCENT-CN	498
4	HINET-NET	354
5	KORNET	311
6	CMNET	217
7	DO-13	211
8	VNPT-VN	207
9	DIGITALOCEAN-12	198
10	VIETTEL-VN	185

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	3919
2	United States	1959
3	France	787
4	Russian Federation	594
5	Viet Nam	573
6	Brazil	539
7	Taiwan	476
8	South Korea	465
9	India	459
10	Indonesia	415

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	25175
2	22	15572
3	23	12484
4	9001	10097
5	4022	7749
6	9006	7126
7	2172	6991
8	1433	6890
9	7135	6464
10	7156	6433

Suspected Bot List [2019-10-20]

detection period: 2019-10-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 560

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
FR	176.168.157.23	France

List from TCP port scans:

Botnet Statistics for September 2019

detection period: 2019-09-01 00:00 - 2019-09-30 23:59 UTC
total number of suspected botnet IPs: 142242

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	19147
2	United States	14348
3	Viet Nam	11013
4	Brazil	9078
5	Russian Federation	8318
6	India	6720
7	Indonesia	6294
8	Taiwan	6179
9	Egypt	3827
10	Turkey	3307
11	Mexico	3284
12	Thailand	3154
13	South Korea	2801
14	France	2788
15	Italy	2353
16	Ukraine	2067
17	Iran	2028
18	Venezuela	1869
19	Germany	1642
20	Hong Kong	1586
21	United Kingdom	1417
22	Argentina	1372
23	Philippines	1206
24	Spain	1196
25	Netherlands	1183

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	VNPT-VN	5043
2	HINET-NET	5031
3	VIETTEL-VN	2950
4	TELKOMNET	2862
5	02.558.157/0001-62	2602
6	AT-88-Z	1917
7	AFRINIC-042005	1881
8	VE-CSVE-LACNIC	1620
9	KORNET	1581
10	FPTDYNAMICIP-NET	1386
11	MX-USCV4-LACNIC	1355
12	CHINANET-GD	1297
13	DO-13	1211
14	TEDATA-20150319	1112
15	CMNET	1110
16	CHINANET-JS	1102
17	BSNLNET	969
18	TencentCloud	958
19	TENCENT-CN	885
20	MX-TPTE-LACNIC	880
21	TurkTelekom	801
22	AMAZON-2011L	726
23	UNICOM-SD	704
24	Baidu	700
25	40.432.544/0835-06	673

The top 25 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	646399
2	23	566450
3	22	527315
4	3389	180650
5	5900	176870
6	1433	172748
7	2222	170774
8	222	170553
9	22222	153939
10	674	150645
11	2022	150521
12	8080	149640
13	7070	139908
14	81	139746
15	2200	138828
16	1400	137727
17	2126	130068
18	30000	127548
19	2020	126182
20	9999	126118
21	5000	124665
22	1569	123501
23	149	122574
24	8000	121055
25	7071	120612

Botnet Statistics for August 2019

detection period: 2019-08-01 00:00 - 2019-08-31 23:59 UTC
total number of suspected botnet IPs: 128099

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	18451
2	United States	14334
3	Viet Nam	8936
4	Brazil	7439
5	Russian Federation	6849
6	India	6369
7	Taiwan	6291
8	Indonesia	5869
9	Thailand	2713
10	Mexico	2712
11	Turkey	2561
12	South Korea	2556
13	Germany	2493
14	France	2446
15	Egypt	2314
16	Italy	1862
17	Iran	1808
18	Ukraine	1755
19	Venezuela	1686
20	Hong Kong	1609
21	United Kingdom	1301
22	Argentina	1294
23	Philippines	1201
24	Netherlands	1084
25	Canada	1058

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	5409
2	VNPT-VN	4113
3	TELKOMNET	2785
4	VIETTEL-VN	2389
5	02.558.157/0001-62	2271
6	AT-88-Z	1857
7	CHINANET-JS	1675
8	VE-CSVE-LACNIC	1476
9	MX-USCV4-LACNIC	1374
10	KORNET	1342
11	AFRINIC-042005	1337
12	CHINANET-GD	1321
13	DO-13	1169
14	FPTDYNAMICIP-NET	1082
15	TENCENT-CN	1015
16	CMNET	1011
17	TencentCloud	939
18	BSNLNET	876
19	AMAZON-2011L	811
20	Baidu	731
21	UNICOM-SD	689
22	TurkTelekom	634
23	GOOGLE-CLOUD	623
24	BEAMTELE-IN	620
25	ORG-AFNC1-AFRINIC-20050414	593

The top 25 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	1723	1136867
2	23	641637
3	445	597892
4	22	470046
5	3389	279881
6	664	261327
7	5900	257553
8	1433	256244
9	1569	235477
10	663	235237
11	30000	211823
12	7046	209673
13	674	209485
14	1400	208287
15	9999	205438
16	3390	199255
17	9000	196617
18	3391	181423
19	110	180122
20	81	165178
21	8080	162659
22	2022	153365
23	222	151344
24	2222	149222
25	2020	148437

Botnet Statistics for July 2019

detection period: 2019-07-01 00:00 - 2019-07-31 23:59 UTC
total number of suspected botnet IPs: 134081

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	16260
2	United States	15552
3	Viet Nam	10379
4	Brazil	8199
5	Russian Federation	7358
6	India	7322
7	Indonesia	6796
8	Taiwan	5537
9	Thailand	3108
10	Mexico	2892
11	France	2763
12	Turkey	2750
13	South Korea	2603
14	Egypt	2580
15	Iran	2210
16	Germany	2046
17	Venezuela	1986
18	Ukraine	1978
19	Italy	1930
20	Hong Kong	1606
21	United Kingdom	1456
22	Argentina	1208
23	Philippines	1155
24	Netherlands	1127
25	Pakistan	1009

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	VNPT-VN	4950
2	HINET-NET	4707
3	TELKOMNET	3044
4	VIETTEL-VN	2621
5	02.558.157/0001-62	2512
6	VE-CSVE-LACNIC	1752
7	AT-88-Z	1751
8	AFRINIC-042005	1563
9	KORNET	1499
10	MX-USCV4-LACNIC	1359
11	CHINANET-JS	1235
12	PSYCHZ-NETWORKS	1229
13	FPTDYNAMICIP-NET	1219
14	CHINANET-GD	1169
15	TENCENT-CN	1022
16	BSNLNET	993
17	DO-13	910
18	TencentCloud	891
19	AMAZON-2011L	844
20	CMNET	804
21	BEAMTELE-IN	698
22	TEDATA-20150319	639
23	Baidu	634
24	TurkTelekom	613
25	BHARTI-IN	590

The top 25 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	636986
2	23	613434
3	1723	584077
4	5900	421098
5	22	333298
6	2022	320286
7	110	280217
8	3389	279388
9	222	247060
10	5038	237385
11	2023	234745
12	627	234022
13	5000	230777
14	2024	228682
15	7026	225703
16	2021	224893
17	7030	219209
18	623	217734
19	630	217143
20	102	217062
21	103	216426
22	105	216245
23	8000	215568
24	7032	214954
25	625	214039

Botnet Statistics [2019-10-19]

detection period: 2019-10-19 00:00-23:59 UTC
total number of suspected botnet IPs: 16185
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15601
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	TENCENT-CN	499
2	Baidu	497
3	TencentCloud	495
4	HINET-NET	386
5	KORNET	316
6	VNPT-VN	275
7	CMNET	225
8	DIGITALOCEAN-12	221
9	VIETTEL-VN	214
10	DO-13	203

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4010
2	United States	2055
3	France	759
4	Russian Federation	681
5	Viet Nam	660
6	India	607
7	Brazil	594
8	Taiwan	519
9	South Korea	479
10	Indonesia	438

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	20142
2	22	15471
3	9001	11945
4	23	10257
5	4022	8034
6	5038	8018
7	1433	7127
8	2708	6419
9	2706	6349
10	2704	6153

Suspected Bot List [2019-10-19]

detection period: 2019-10-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 584

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
ZA	196.38.156.146	South Africa

List from TCP port scans:

Botnet Statistics for June 2019

detection period: 2019-06-01 00:00 - 2019-06-30 23:59 UTC
total number of suspected botnet IPs: 111644

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	12699
2	United States	11869
3	Viet Nam	8920
4	Brazil	7486
5	Russian Federation	6661
6	India	6390
7	Taiwan	5460
8	Indonesia	5290
9	Thailand	2767
10	South Korea	2431
11	Mexico	2276
12	France	2185
13	Turkey	1932
14	Venezuela	1808
15	Iran	1805
16	Ukraine	1679
17	Italy	1634
18	Hong Kong	1526
19	Germany	1289
20	United Kingdom	1208
21	Philippines	1188
22	Egypt	1154
23	Colombia	960
24	Canada	941
25	Argentina	932

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	4785
2	VNPT-VN	4330
3	VIETTEL-VN	2348
4	02.558.157/0001-62	2330
5	TELKOMNET	2318
6	VE-CSVE-LACNIC	1592
7	KORNET	1492
8	AT-88-Z	1395
9	MX-USCV4-LACNIC	1045
10	AFRINIC-042005	1015
11	CHINANET-GD	953
12	FPTDYNAMICIP-NET	862
13	BSNLNET	850
14	TENCENT-CN	774
15	CHINANET-JS	759
16	TencentCloud	758
17	AMAZON-2011L	724
18	PSYCHZ-NETWORKS	715
19	CMNET	642
20	DO-13	613
21	BEAMTELE-IN	556
22	NETVIGATOR	533
23	BHARTI-IN	501
24	FPT-VN	487
25	ORG-AFNC1-AFRINIC-20050414	476

The top 25 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	3389	645423
2	445	626839
3	23	499714
4	5038	363147
5	22	361032
6	21	324474
7	222	320443
8	8000	278218
9	2222	265164
10	22222	259376
11	5000	255489
12	2022	251814
13	227	245055
14	4009	240808
15	4010	237664
16	8080	236076
17	89	235650
18	223	233971
19	53	231273
20	88	225607
21	506	220787
22	507	220640
23	95	215705
24	93	215560
25	2200	215500

Botnet Statistics [2019-10-18]

detection period: 2019-10-18 00:00-23:59 UTC
total number of suspected botnet IPs: 16172
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15532
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	TencentCloud	507
2	TENCENT-CN	501
3	Baidu	495
4	VNPT-VN	316
5	KORNET	302
6	HINET-NET	282
7	DO-13	206
8	CMNET	203
9	DIGITALOCEAN-12	198
10	VIETTEL-VN	195

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	3998
2	United States	1998
3	France	745
4	Viet Nam	707
5	India	645
6	Russian Federation	635
7	Brazil	618
8	South Korea	465
9	Indonesia	456
10	Taiwan	367

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	19937
2	22	19748
3	23	10580
4	1433	9747
5	4242	7954
6	9001	7879
7	5900	7167
8	4022	6801
9	7135	6361
10	9003	6148

Suspected Bot List [2019-10-18]

detection period: 2019-10-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 640

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
NG	41.87.80.26	Nigeria

List from TCP port scans:

Botnet Statistics [2019-10-17]

detection period: 2019-10-17 00:00-23:59 UTC
total number of suspected botnet IPs: 15943
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15298
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	TencentCloud	498
2	Baidu	497
3	TENCENT-CN	494
4	KORNET	292
5	VNPT-VN	242
6	CMNET	219
7	DO-13	203
8	DIGITALOCEAN-12	192
9	TELKOMNET	189
10	HINET-NET	189

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4081
2	United States	1904
3	France	752
4	Russian Federation	679
5	India	665
6	Brazil	620
7	Viet Nam	604
8	Indonesia	496
9	South Korea	459
10	Singapore	346

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	4022	76832
2	11122	23428
3	445	16360
4	23	13632
5	22	12448
6	2100	10540
7	221	9184
8	5900	7967
9	1433	7744
10	3389	6707

Suspected Bot List [2019-10-17]

detection period: 2019-10-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 645

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
NG	41.203.76.251	Nigeria

List from TCP port scans:

Botnet Statistics for May 2019

detection period: 2019-05-01 00:00 - 2019-05-31 23:59 UTC
total number of suspected botnet IPs: 106835

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	11977
2	United States	10669
3	Viet Nam	9740
4	Brazil	7253
5	Russian Federation	6860
6	Indonesia	6186
7	India	6025
8	Taiwan	5321
9	Mexico	2598
10	Thailand	2524
11	France	2074
12	Venezuela	1930
13	South Korea	1929
14	Turkey	1842
15	Ukraine	1686
16	Iran	1416
17	Germany	1342
18	Hong Kong	1309
19	Italy	1263
20	Philippines	1094
21	United Kingdom	1063
22	Egypt	1046
23	Netherlands	918
24	Colombia	897
25	Canada	874

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	VNPT-VN	4782
2	HINET-NET	4704
3	TELKOMNET	2695
4	VIETTEL-VN	2448
5	02.558.157/0001-62	2244
6	VE-CSVE-LACNIC	1707
7	AT-88-Z	1704
8	MX-USCV4-LACNIC	1312
9	KORNET	1115
10	FPTDYNAMICIP-NET	988
11	CHINANET-GD	932
12	AFRINIC-042005	921
13	AMAZON-2011L	856
14	TENCENT-CN	831
15	BSNLNET	830
16	TencentCloud	729
17	BEAMTELE-IN	658
18	CHINANET-JS	613
19	DO-13	609
20	FPT-VN	535
21	BHARTI-IN	458
22	CMNET	450
23	MX-GDUN-LACNIC	447
24	Baidu	440
25	CHINANET-SC	427

The top 25 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	3389	894985
2	8000	774530
3	5000	766078
4	3000	622366
5	445	610852
6	88	594753
7	8083	585587
8	6001	553647
9	10000	536022
10	8081	530127
11	8080	529877
12	8087	526838
13	8086	524193
14	222	517864
15	4444	505650
16	2222	505143
17	3002	504435
18	8008	503360
19	3001	502418
20	7071	499452
21	111	498405
22	9009	496791
23	9001	494745
24	666	491897
25	2233	491370

Botnet Statistics [2019-10-16]

detection period: 2019-10-16 00:00-23:59 UTC
total number of suspected botnet IPs: 16442
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15779
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	TencentCloud	512
2	TENCENT-CN	509
3	Baidu	506
4	KORNET	303
5	VNPT-VN	279
6	CMNET	237
7	DIGITALOCEAN-12	218
8	DO-13	209
9	HINET-NET	208
10	CHINANET-JS	186

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4184
2	United States	1922
3	France	748
4	India	693
5	Russian Federation	680
6	Viet Nam	660
7	Brazil	619
8	Indonesia	511
9	South Korea	462
10	Singapore	355

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	4022	54226
2	445	40022
3	11122	17544
4	22	14277
5	23	13615
6	5225	10359
7	5038	8953
8	1433	8935
9	5900	8377
10	2706	6701

Suspected Bot List [2019-10-16]

detection period: 2019-10-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 663

List from fake open relays:

country code	IP address	Country

List from greylisting:

country code	IP address	Country

List from SSH probes:

country code	IP address	Country
CA	184.67.105.182	Canada

List from TCP port scans:

Botnet Statistics [2019-10-15]

detection period: 2019-10-15 00:00-23:59 UTC
total number of suspected botnet IPs: 16433
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 15760
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	Baidu	509
2	TENCENT-CN	507
3	TencentCloud	498
4	KORNET	314
5	VNPT-VN	285
6	CMNET	280
7	HINET-NET	235
8	DIGITALOCEAN-12	230
9	DO-13	220
10	OVH	175

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country/Region	# of suspected botnet IPs
1	China	4238
2	United States	2053
3	France	741
4	Russian Federation	653
5	Viet Nam	640
6	India	624
7	Brazil	615
8	South Korea	459
9	Indonesia	451
10	Singapore	345

The top 10 TCP ports, ordered by number of connection attempts received are:

Rank	TCP port number	# of connection attempts received
1	445	24116
2	22	14612
3	23	13888
4	5038	13813
5	222	10786
6	1433	9888
7	5900	7799
8	4022	7507
9	2222	7345
10	11122	6925

Thursday, October 31, 2019

Wednesday, October 30, 2019

Tuesday, October 29, 2019

Monday, October 28, 2019

Sunday, October 27, 2019

Saturday, October 26, 2019

Friday, October 25, 2019

Thursday, October 24, 2019

Wednesday, October 23, 2019

Tuesday, October 22, 2019

Monday, October 21, 2019

Sunday, October 20, 2019

Saturday, October 19, 2019

Friday, October 18, 2019

Thursday, October 17, 2019

Wednesday, October 16, 2019