Wednesday, September 30, 2020

Botnet Statistics [2020-09-29]

detection period: 2020-09-29 00:00-23:59 UTC
total number of suspected botnet IPs: 30737
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28974
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

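| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1311 |
| 2 | VNPT-VN | 1148 |
| 3 | Baidu | 672 |
| 4 | TENCENT-CN | 618 |
| 5 | VIETTEL-VN | 579 |
| 6 | DIGITALOCEAN-192-241-128-0 | 553 |
| 7 | UNICOM-HA | 552 |
| 8 | HINET-NET | 547 |
| 9 | UNICOM-SD | 513 |
| 10 | ALISOFT | 410 |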

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

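| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7996 |
| 2 | United States | 3340 |
| 3 | Viet Nam | 2235 |
| 4 | India | 2217 |
| 5 | Russian Federation | 1314 |
| 6 | Brazil | 1272 |
| 7 | Indonesia | 1012 |
| 8 | France | 825 |
| 9 | Taiwan | 693 |
| 10 | Thailand | 643 |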

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445440643
268774688
321374566
4139074334
599174310
62350728
7234249350
833346622
92242943
1052340006

Suspected Bot List [2020-09-29]

detection period: 2020-09-29 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1763

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Tuesday, September 29, 2020

Botnet Statistics [2020-09-28]

detection period: 2020-09-28 00:00-23:59 UTC
total number of suspected botnet IPs: 31998
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30287
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

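| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1375 |
| 2 | VNPT-VN | 1049 |
| 3 | Baidu | 690 |
| 4 | TENCENT-CN | 643 |
| 5 | VIETTEL-VN | 567 |
| 6 | DIGITALOCEAN-192-241-128-0 | 540 |
| 7 | UNICOM-SD | 537 |
| 8 | HINET-NET | 515 |
| 9 | UNICOM-HA | 504 |
| 10 | ALISOFT | 471 |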

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

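| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8385 |
| 2 | United States | 3735 |
| 3 | India | 2351 |
| 4 | Viet Nam | 2179 |
| 5 | Russian Federation | 1358 |
| 6 | Brazil | 1300 |
| 7 | Indonesia | 1009 |
| 8 | France | 849 |
| 9 | Taiwan | 672 |
| 10 | Thailand | 650 |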

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445582915
268787629
321387278
4139087041
599186540
6101277224
72352719
8234252129
9143348487
1042248482

Suspected Bot List [2020-09-28]

detection period: 2020-09-28 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1711

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Monday, September 28, 2020

Botnet Statistics [2020-09-27]

detection period: 2020-09-27 00:00-23:59 UTC
total number of suspected botnet IPs: 28979
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27427
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

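| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1430 |
| 2 | Baidu | 708 |
| 3 | TENCENT-CN | 678 |
| 4 | UNICOM-HA | 567 |
| 5 | HINET-NET | 561 |
| 6 | UNICOM-SD | 552 |
| 7 | DIGITALOCEAN-192-241-128-0 | 549 |
| 8 | VNPT-VN | 525 |
| 9 | ALISOFT | 466 |
| 10 | CMNET | 359 |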

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

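| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8648 |
| 2 | United States | 3783 |
| 3 | India | 1545 |
| 4 | Russian Federation | 1253 |
| 5 | Viet Nam | 1225 |
| 6 | Brazil | 1050 |
| 7 | France | 883 |
| 8 | Taiwan | 730 |
| 9 | Indonesia | 681 |
| 10 | South Korea | 441 |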

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445278603
268789721
399188731
4139088436
521380608
6143364081
72359847
8234259227
9202256836
103351319

Suspected Bot List [2020-09-27]

detection period: 2020-09-27 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1552

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Sunday, September 27, 2020

Botnet Statistics [2020-09-26]

detection period: 2020-09-26 00:00-23:59 UTC
total number of suspected botnet IPs: 27608
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26175
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

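| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1230 |
| 2 | VNPT-VN | 709 |
| 3 | Baidu | 635 |
| 4 | TENCENT-CN | 585 |
| 5 | DIGITALOCEAN-192-241-128-0 | 562 |
| 6 | HINET-NET | 558 |
| 7 | UNICOM-HA | 531 |
| 8 | UNICOM-SD | 520 |
| 9 | ALISOFT | 429 |
| 10 | VIETTEL-VN | 359 |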

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

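| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7541 |
| 2 | United States | 3449 |
| 3 | India | 2003 |
| 4 | Viet Nam | 1496 |
| 5 | Russian Federation | 1105 |
| 6 | Brazil | 1015 |
| 7 | France | 798 |
| 8 | Indonesia | 752 |
| 9 | Taiwan | 708 |
| 10 | South Korea | 396 |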

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445431919
28338190016
3302290757
468767961
5139067087
699165733
7234265211
821357118
92352376
10143344912

Suspected Bot List [2020-09-26]

detection period: 2020-09-26 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1433

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Saturday, September 26, 2020

Botnet Statistics [2020-09-25]

detection period: 2020-09-25 00:00-23:59 UTC
total number of suspected botnet IPs: 30057
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28480
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

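| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1277 |
| 2 | VNPT-VN | 987 |
| 3 | Baidu | 641 |
| 4 | TENCENT-CN | 607 |
| 5 | UNICOM-HA | 588 |
| 6 | DIGITALOCEAN-192-241-128-0 | 585 |
| 7 | HINET-NET | 567 |
| 8 | UNICOM-SD | 550 |
| 9 | VIETTEL-VN | 504 |
| 10 | ALISOFT | 447 |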

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

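| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7954 |
| 2 | United States | 3540 |
| 3 | India | 2349 |
| 4 | Viet Nam | 2007 |
| 5 | Brazil | 1244 |
| 6 | Russian Federation | 1233 |
| 7 | Indonesia | 903 |
| 8 | France | 829 |
| 9 | Taiwan | 756 |
| 10 | Thailand | 542 |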

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445560174
232100856
3143395868
4302293980
568790343
6139087614
799186689
8234286252
921371945
102366534

Suspected Bot List [2020-09-25]

detection period: 2020-09-25 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1577

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Friday, September 25, 2020

Botnet Statistics [2020-09-24]

detection period: 2020-09-24 00:00-23:59 UTC
total number of suspected botnet IPs: 31255
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29571
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

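| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1295 |
| 2 | VNPT-VN | 1070 |
| 3 | Baidu | 653 |
| 4 | HINET-NET | 624 |
| 5 | TENCENT-CN | 616 |
| 6 | DIGITALOCEAN-192-241-128-0 | 608 |
| 7 | UNICOM-HA | 549 |
| 8 | UNICOM-SD | 540 |
| 9 | VIETTEL-VN | 516 |
| 10 | ALISOFT | 501 |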

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

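| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8086 |
| 2 | United States | 3613 |
| 3 | India | 2436 |
| 4 | Viet Nam | 2071 |
| 5 | Russian Federation | 1350 |
| 6 | Brazil | 1214 |
| 7 | Indonesia | 954 |
| 8 | France | 865 |
| 9 | Taiwan | 776 |
| 10 | Thailand | 568 |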

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
131935333
2445309693
3687116815
41390113024
52342112805
6991111850
721394833
8143391780
92364404
10202263973

Suspected Bot List [2020-09-24]

detection period: 2020-09-24 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1684

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Thursday, September 24, 2020

Botnet Statistics [2020-09-23]

detection period: 2020-09-23 00:00-23:59 UTC
total number of suspected botnet IPs: 31278
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29632
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

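| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1289 |
| 2 | VNPT-VN | 1099 |
| 3 | Baidu | 652 |
| 4 | TENCENT-CN | 636 |
| 5 | DIGITALOCEAN-192-241-128-0 | 616 |
| 6 | HINET-NET | 529 |
| 7 | UNICOM-SD | 520 |
| 8 | UNICOM-HA | 519 |
| 9 | VIETTEL-VN | 509 |
| 10 | ALISOFT | 475 |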

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

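| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8071 |
| 2 | United States | 3675 |
| 3 | India | 2485 |
| 4 | Viet Nam | 2111 |
| 5 | Russian Federation | 1275 |
| 6 | Brazil | 1211 |
| 7 | Indonesia | 972 |
| 8 | France | 887 |
| 9 | Taiwan | 687 |
| 10 | Thailand | 591 |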

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445525727
231292649
3687115543
41390112183
52342110782
6991109426
721391142
8202263356
9222962347
1052361079

Suspected Bot List [2020-09-23]

detection period: 2020-09-23 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1646

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Wednesday, September 23, 2020

Botnet Statistics [2020-09-22]

detection period: 2020-09-22 00:00-23:59 UTC
total number of suspected botnet IPs: 34080
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32388
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

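| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1437 |
| 2 | VNPT-VN | 1030 |
| 3 | Baidu | 675 |
| 4 | TENCENT-CN | 649 |
| 5 | DIGITALOCEAN-192-241-128-0 | 617 |
| 6 | UNICOM-HA | 576 |
| 7 | HATHWAY-NET | 558 |
| 8 | UNICOM-SD | 556 |
| 9 | ALISOFT | 491 |
| 10 | HINET-NET | 487 |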

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

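| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8835 |
| 2 | United States | 4453 |
| 3 | India | 2948 |
| 4 | Viet Nam | 2013 |
| 5 | Russian Federation | 1383 |
| 6 | Brazil | 1280 |
| 7 | Indonesia | 946 |
| 8 | France | 907 |
| 9 | Taiwan | 617 |
| 10 | Netherlands | 584 |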

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445493405
2222469601
32357512
4932253393
5143353146
62252279
7942249905
833347515
9812244160
10982243610

Suspected Bot List [2020-09-22]

detection period: 2020-09-22 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1692

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Tuesday, September 22, 2020

Botnet Statistics [2020-09-21]

detection period: 2020-09-21 00:00-23:59 UTC
total number of suspected botnet IPs: 34640
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 32895
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

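| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1489 |
| 2 | VNPT-VN | 1098 |
| 3 | HATHWAY-NET | 874 |
| 4 | Baidu | 707 |
| 5 | TENCENT-CN | 691 |
| 6 | DIGITALOCEAN-192-241-128-0 | 633 |
| 7 | UNICOM-HA | 554 |
| 8 | VIETTEL-VN | 528 |
| 9 | UNICOM-SD | 527 |
| 10 | ALISOFT | 512 |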

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

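| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 9042 |
| 2 | United States | 4383 |
| 3 | India | 3330 |
| 4 | Viet Nam | 2135 |
| 5 | Russian Federation | 1341 |
| 6 | Brazil | 1326 |
| 7 | Indonesia | 952 |
| 8 | France | 923 |
| 9 | Thailand | 631 |
| 10 | Taiwan | 620 |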

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445423831
2222471133
32364742
42253507
5932249649
6872249643
7952248854
8143348266
933347796
10822247779

Suspected Bot List [2020-09-21]

detection period: 2020-09-21 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1745

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Monday, September 21, 2020

Botnet Statistics [2020-09-20]

detection period: 2020-09-20 00:00-23:59 UTC
total number of suspected botnet IPs: 29319
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27965
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

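| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1300 |
| 2 | TencentCloud | 1296 |
| 3 | Baidu | 645 |
| 4 | DIGITALOCEAN-192-241-128-0 | 628 |
| 5 | VNPT-VN | 588 |
| 6 | UNICOM-HA | 587 |
| 7 | TENCENT-CN | 586 |
| 8 | UNICOM-SD | 546 |
| 9 | HINET-NET | 539 |
| 10 | HATHWAY-AP | 490 |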

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

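| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 8023 |
| 2 | United States | 3925 |
| 3 | India | 3109 |
| 4 | Viet Nam | 1320 |
| 5 | Russian Federation | 1168 |
| 6 | Brazil | 960 |
| 7 | France | 788 |
| 8 | Taiwan | 699 |
| 9 | Indonesia | 620 |
| 10 | Colombia | 426 |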

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445191814
2143380769
32373933
4222671507
532270906
6222770490
7852268412
8222861770
9952253535
10832253371

Suspected Bot List [2020-09-20]

detection period: 2020-09-20 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1354

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Sunday, September 20, 2020

Botnet Statistics [2020-09-19]

detection period: 2020-09-19 00:00-23:59 UTC
total number of suspected botnet IPs: 30743
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29301
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

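| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1568 |
| 2 | TencentCloud | 1306 |
| 3 | VNPT-VN | 783 |
| 4 | HATHWAY-AP | 659 |
| 5 | Baidu | 640 |
| 6 | DIGITALOCEAN-192-241-128-0 | 625 |
| 7 | TENCENT-CN | 576 |
| 8 | HINET-NET | 498 |
| 9 | ALISOFT | 462 |
| 10 | VIETTEL-VN | 400 |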

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

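| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7566 |
| 2 | India | 4131 |
| 3 | United States | 3907 |
| 4 | Viet Nam | 1631 |
| 5 | Russian Federation | 1187 |
| 6 | Brazil | 1074 |
| 7 | France | 830 |
| 8 | Indonesia | 731 |
| 9 | Taiwan | 644 |
| 10 | Colombia | 474 |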

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445187393
21433100114
32375308
42248771
5942244050
6602239395
7952237405
862235787
9902234564
10822232661

Suspected Bot List [2020-09-19]

detection period: 2020-09-19 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1442

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Saturday, September 19, 2020

Botnet Statistics [2020-09-18]

detection period: 2020-09-18 00:00-23:59 UTC
total number of suspected botnet IPs: 30366
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 28793
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

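| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1707 |
| 2 | TencentCloud | 1269 |
| 3 | VNPT-VN | 922 |
| 4 | DIGITALOCEAN-192-241-128-0 | 636 |
| 5 | Baidu | 629 |
| 6 | HATHWAY-AP | 584 |
| 7 | TENCENT-CN | 570 |
| 8 | HINET-NET | 524 |
| 9 | VIETTEL-VN | 446 |
| 10 | ALISOFT | 422 |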

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

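| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6827 |
| 2 | India | 4243 |
| 3 | United States | 3380 |
| 4 | Viet Nam | 1820 |
| 5 | Russian Federation | 1323 |
| 6 | Brazil | 1249 |
| 7 | Indonesia | 836 |
| 8 | France | 802 |
| 9 | Taiwan | 684 |
| 10 | Colombia | 510 |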

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445474367
21433110541
3602279493
4802260601
52359874
62247998
7338935393
8302226708
9782225308
1082222937

Suspected Bot List [2020-09-18]

detection period: 2020-09-18 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1573

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Friday, September 18, 2020

Botnet Statistics [2020-09-17]

detection period: 2020-09-17 00:00-23:59 UTC
total number of suspected botnet IPs: 30816
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 29241
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

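| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1670 |
| 2 | TencentCloud | 1232 |
| 3 | VNPT-VN | 1072 |
| 4 | HATHWAY-AP | 643 |
| 5 | DIGITALOCEAN-192-241-128-0 | 635 |
| 6 | Baidu | 632 |
| 7 | TENCENT-CN | 563 |
| 8 | HINET-NET | 559 |
| 9 | VIETTEL-VN | 509 |
| 10 | ALISOFT | 409 |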

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

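| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6789 |
| 2 | India | 4159 |
| 3 | United States | 3386 |
| 4 | Viet Nam | 2099 |
| 5 | Russian Federation | 1310 |
| 6 | Brazil | 1139 |
| 7 | Indonesia | 909 |
| 8 | France | 798 |
| 9 | Taiwan | 712 |
| 10 | Thailand | 540 |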

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445358150
2602291852
3802271740
4143359275
52358220
6302251139
72243200
8223037095
9782236987
1062229156

Suspected Bot List [2020-09-17]

detection period: 2020-09-17 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1575

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Thursday, September 17, 2020

Botnet Statistics [2020-09-16]

detection period: 2020-09-16 00:00-23:59 UTC
total number of suspected botnet IPs: 32020
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30472
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

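| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1699 |
| 2 | TencentCloud | 1257 |
| 3 | VNPT-VN | 1080 |
| 4 | DIGITALOCEAN-192-241-128-0 | 862 |
| 5 | HATHWAY-AP | 674 |
| 6 | Baidu | 639 |
| 7 | TENCENT-CN | 578 |
| 8 | VIETTEL-VN | 522 |
| 9 | HINET-NET | 502 |
| 10 | ALISOFT | 432 |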

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

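| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7073 |
| 2 | India | 4423 |
| 3 | United States | 3676 |
| 4 | Viet Nam | 2125 |
| 5 | Russian Federation | 1307 |
| 6 | Brazil | 1249 |
| 7 | Indonesia | 923 |
| 8 | France | 813 |
| 9 | Taiwan | 643 |
| 10 | Thailand | 612 |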

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12375502840
2445469298
3602285274
4802277949
542274489
6302263530
762263485
82362396
9143358086
1032257534

Suspected Bot List [2020-09-16]

detection period: 2020-09-16 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1548

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Wednesday, September 16, 2020

Botnet Statistics [2020-09-15]

detection period: 2020-09-15 00:00-23:59 UTC
total number of suspected botnet IPs: 32414
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 30673
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

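| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1696 |
| 2 | TencentCloud | 1281 |
| 3 | VNPT-VN | 1059 |
| 4 | HATHWAY-AP | 659 |
| 5 | Baidu | 651 |
| 6 | TENCENT-CN | 609 |
| 7 | DIGITALOCEAN-192-241-128-0 | 600 |
| 8 | VIETTEL-VN | 565 |
| 9 | HINET-NET | 487 |
| 10 | ALISOFT | 428 |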

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

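| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7343 |
| 2 | India | 4564 |
| 3 | United States | 3339 |
| 4 | Viet Nam | 2103 |
| 5 | Russian Federation | 1302 |
| 6 | Brazil | 1234 |
| 7 | Indonesia | 989 |
| 8 | France | 844 |
| 9 | Thailand | 650 |
| 10 | Taiwan | 629 |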

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
12375499575
2445221136
36022101280
4802298347
5302262517
62361095
7143352045
82242667
932241425
10782236751

Suspected Bot List [2020-09-15]

detection period: 2020-09-15 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1741

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Tuesday, September 15, 2020

Botnet Statistics [2020-09-14]

detection period: 2020-09-14 00:00-23:59 UTC
total number of suspected botnet IPs: 33553
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 31823
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

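| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1763 |
| 2 | TencentCloud | 1347 |
| 3 | VNPT-VN | 1142 |
| 4 | Baidu | 686 |
| 5 | HATHWAY-AP | 683 |
| 6 | TENCENT-CN | 621 |
| 7 | DIGITALOCEAN-192-241-128-0 | 610 |
| 8 | VIETTEL-VN | 578 |
| 9 | HINET-NET | 504 |
| 10 | ALISOFT | 472 |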

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

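| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7745 |
| 2 | India | 4631 |
| 3 | United States | 3484 |
| 4 | Viet Nam | 2246 |
| 5 | Russian Federation | 1292 |
| 6 | Brazil | 1212 |
| 7 | Indonesia | 937 |
| 8 | France | 851 |
| 9 | Taiwan | 671 |
| 10 | Thailand | 629 |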

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445570576
21433133046
32360830
4332258903
5302256157
6292255378
7602253046
8382251679
9282249896
10802249800

Suspected Bot List [2020-09-14]

detection period: 2020-09-14 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1730

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Monday, September 14, 2020

Botnet Statistics [2020-09-13]

detection period: 2020-09-13 00:00-23:59 UTC
total number of suspected botnet IPs: 28681
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27396
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

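| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1732 |
| 2 | TencentCloud | 1101 |
| 3 | HATHWAY-AP | 706 |
| 4 | VNPT-VN | 630 |
| 5 | Baidu | 614 |
| 6 | DIGITALOCEAN-192-241-128-0 | 604 |
| 7 | HINET-NET | 528 |
| 8 | TENCENT-CN | 504 |
| 9 | ALISOFT | 430 |
| 10 | VIETTEL-VN | 358 |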

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

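| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6683 |
| 2 | India | 3910 |
| 3 | United States | 3113 |
| 4 | Viet Nam | 1361 |
| 5 | Russian Federation | 1150 |
| 6 | Brazil | 1047 |
| 7 | France | 795 |
| 8 | Taiwan | 757 |
| 9 | Hong Kong | 649 |
| 10 | Indonesia | 628 |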

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
11433128766
2445121712
33622102418
4392294841
5282292286
6312287992
7332285306
8382281461
9302280395
10372274248

Suspected Bot List [2020-09-13]

detection period: 2020-09-13 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1285

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Sunday, September 13, 2020

Botnet Statistics [2020-09-12]

detection period: 2020-09-12 00:00-23:59 UTC
total number of suspected botnet IPs: 28553
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27172
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

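| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1722 |
| 2 | TencentCloud | 1118 |
| 3 | VNPT-VN | 725 |
| 4 | HATHWAY-AP | 675 |
| 5 | DIGITALOCEAN-192-241-128-0 | 615 |
| 6 | Baidu | 607 |
| 7 | TENCENT-CN | 522 |
| 8 | HINET-NET | 508 |
| 9 | VIETTEL-VN | 438 |
| 10 | ALISOFT | 425 |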

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

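| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6422 |
| 2 | India | 4207 |
| 3 | United States | 3013 |
| 4 | Viet Nam | 1595 |
| 5 | Russian Federation | 1190 |
| 6 | Brazil | 1037 |
| 7 | France | 768 |
| 8 | Indonesia | 704 |
| 9 | Taiwan | 696 |
| 10 | South Korea | 519 |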

The top 10 TCP ports, ordered by number of connection attempts received are:

RankTCP port number# of connection attempts received
1445300485
22822108829
3372291958
4302290181
5332287319
6292286301
7392283918
8312282507
9362271782
10382270376

Suspected Bot List [2020-09-12]

detection period: 2020-09-12 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1381

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

List from greylisting:

List from SSH probes:

List from TCP port scans:

Saturday, September 12, 2020

Botnet Statistics [2020-09-11]

detection period: 2020-09-11 00:00-23:59 UTC
total number of suspected botnet IPs: 28995
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27505
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

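| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | HATHWAY-NET | 1429 |
| 2 | TencentCloud | 1114 |
| 3 | VNPT-VN | 1026 |
| 4 | DIGITALOCEAN-192-241-128-0 | 617 |
| 5 | Baidu | 605 |
| 6 | HATHWAY-AP | 582 |
| 7 | VIETTEL-VN | 505 |
| 8 | TENCENT-CN | 503 |
| 9 | HINET-NET | 492 |
| 10 | ALISOFT | 456 |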

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

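| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6277 |
| 2 | India | 3961 |
| 3 | United States | 3087 |
| 4 | Viet Nam | 2008 |
| 5 | Russian Federation | 1313 |
| 6 | Brazil | 1142 |
| 7 | Indonesia | 861 |
| 8 | France | 780 |
| 9 | Taiwan | 638 |
| 10 | Thailand | 585 |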

The top 10 TCP ports, ordered by number of connection attempts received are:

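| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 210786 |
| 2 | 110 | 124332 |
| 3 | 2822 | 104248 |
| 4 | 3022 | 101365 |
| 5 | 3122 | 100951 |
| 6 | 2922 | 97470 |
| 7 | 3922 | 96300 |
| 8 | 3822 | 96287 |
| 9 | 3322 | 96194 |
| 10 | 3722 | 91803 |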

Suspected Bot List [2020-09-11]

detection period: 2020-09-11 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1490

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

| country code | IP address | Country |
|---|---|---|

List from SSH probes:

| country code | IP address | Country |
|---|---|---|

List from TCP port scans:

Friday, September 11, 2020

Botnet Statistics [2020-09-10]

detection period: 2020-09-10 00:00-23:59 UTC
total number of suspected botnet IPs: 28349
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26859
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

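| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1149 |
| 2 | VNPT-VN | 993 |
| 3 | DIGITALOCEAN-192-241-128-0 | 613 |
| 4 | Baidu | 605 |
| 5 | HINET-NET | 539 |
| 6 | TENCENT-CN | 519 |
| 7 | VIETTEL-VN | 478 |
| 8 | HATHWAY-NET | 464 |
| 9 | ALISOFT | 453 |
| 10 | CHINANET-JS | 331 |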

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

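| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6428 |
| 2 | United States | 3364 |
| 3 | India | 2425 |
| 4 | Viet Nam | 1984 |
| 5 | Russian Federation | 1333 |
| 6 | Brazil | 1260 |
| 7 | Indonesia | 868 |
| 8 | France | 786 |
| 9 | Taiwan | 702 |
| 10 | Thailand | 569 |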

The top 10 TCP ports, ordered by number of connection attempts received are:

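| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 358904 |
| 2 | 8020 | 140361 |
| 3 | 3222 | 108024 |
| 4 | 3522 | 106725 |
| 5 | 2822 | 106272 |
| 6 | 3322 | 97894 |
| 7 | 2922 | 97573 |
| 8 | 3422 | 88027 |
| 9 | 3722 | 86925 |
| 10 | 3022 | 85995 |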

Suspected Bot List [2020-09-10]

detection period: 2020-09-10 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1490

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

| country code | IP address | Country |
|---|---|---|

List from SSH probes:

| country code | IP address | Country |
|---|---|---|

List from TCP port scans:

Thursday, September 10, 2020

Botnet Statistics [2020-09-09]

detection period: 2020-09-09 00:00-23:59 UTC
total number of suspected botnet IPs: 27065
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25568
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

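| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1183 |
| 2 | VNPT-VN | 918 |
| 3 | DIGITALOCEAN-192-241-128-0 | 630 |
| 4 | Baidu | 611 |
| 5 | TENCENT-CN | 523 |
| 6 | ALISOFT | 486 |
| 7 | VIETTEL-VN | 470 |
| 8 | HINET-NET | 353 |
| 9 | CHINANET-JS | 351 |
| 10 | CMNET | 289 |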

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

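| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6618 |
| 2 | United States | 3301 |
| 3 | Viet Nam | 1861 |
| 4 | India | 1646 |
| 5 | Russian Federation | 1295 |
| 6 | Brazil | 1219 |
| 7 | Indonesia | 901 |
| 8 | France | 826 |
| 9 | Thailand | 545 |
| 10 | Taiwan | 467 |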

The top 10 TCP ports, ordered by number of connection attempts received are:

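| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 637193 |
| 2 | 3022 | 140379 |
| 3 | 2822 | 139696 |
| 4 | 3122 | 120684 |
| 5 | 3322 | 114330 |
| 6 | 3422 | 113042 |
| 7 | 3722 | 112750 |
| 8 | 3822 | 108857 |
| 9 | 3222 | 105504 |
| 10 | 2922 | 97735 |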

Suspected Bot List [2020-09-09]

detection period: 2020-09-09 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1497

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

| country code | IP address | Country |
|---|---|---|

List from SSH probes:

| country code | IP address | Country |
|---|---|---|

List from TCP port scans:

Wednesday, September 9, 2020

Botnet Statistics [2020-09-08]

detection period: 2020-09-08 00:00-23:59 UTC
total number of suspected botnet IPs: 27564
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 26075
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

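| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1197 |
| 2 | VNPT-VN | 1021 |
| 3 | DIGITALOCEAN-192-241-128-0 | 628 |
| 4 | Baidu | 617 |
| 5 | TENCENT-CN | 531 |
| 6 | VIETTEL-VN | 517 |
| 7 | ALISOFT | 483 |
| 8 | HINET-NET | 401 |
| 9 | CHINANET-JS | 359 |
| 10 | CMNET | 312 |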

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

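| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 6660 |
| 2 | United States | 3208 |
| 3 | Viet Nam | 2043 |
| 4 | India | 1735 |
| 5 | Russian Federation | 1352 |
| 6 | Brazil | 1162 |
| 7 | Indonesia | 901 |
| 8 | France | 811 |
| 9 | Thailand | 553 |
| 10 | Taiwan | 541 |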

The top 10 TCP ports, ordered by number of connection attempts received are:

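| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 713742 |
| 2 | 2822 | 121499 |
| 3 | 3722 | 115339 |
| 4 | 3022 | 108462 |
| 5 | 3422 | 98837 |
| 6 | 2922 | 88802 |
| 7 | 3322 | 88542 |
| 8 | 1433 | 86814 |
| 9 | 3922 | 84556 |
| 10 | 3122 | 79970 |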

Suspected Bot List [2020-09-08]

detection period: 2020-09-08 00:00-23:59 UTC
number of suspected bots' IPs listed here: 1489

IP addresses listed here all exhibit strange network behavior. As I could not notify the victims for various reasons (no working abuse contact, mailbox over quota, etc.), I list them here instead. I have to emphasize that those are just *suspected* to be malware-infected computers.

List from fake open relays:

| country code | IP address | Country |
|---|---|---|

List from greylisting:

| country code | IP address | Country |
|---|---|---|

List from SSH probes:

| country code | IP address | Country |
|---|---|---|

List from TCP port scans:

Tuesday, September 8, 2020

Botnet Statistics [2020-09-07]

detection period: 2020-09-07 00:00-23:59 UTC
total number of suspected botnet IPs: 28682
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27087
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

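| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 1247 |
| 2 | VNPT-VN | 932 |
| 3 | Baidu | 639 |
| 4 | DIGITALOCEAN-192-241-128-0 | 622 |
| 5 | TENCENT-CN | 563 |
| 6 | ALISOFT | 546 |
| 7 | VIETTEL-VN | 498 |
| 8 | HINET-NET | 467 |
| 9 | CHINANET-JS | 385 |
| 10 | KORNET | 362 |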

The top 10 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

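| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7075 |
| 2 | United States | 3496 |
| 3 | Viet Nam | 1928 |
| 4 | India | 1576 |
| 5 | Russian Federation | 1395 |
| 6 | Brazil | 1085 |
| 7 | Indonesia | 922 |
| 8 | France | 846 |
| 9 | Taiwan | 648 |
| 10 | South Korea | 584 |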

The top 10 TCP ports, ordered by number of connection attempts received are:

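| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 797351 |
| 2 | 2822 | 118195 |
| 3 | 1433 | 91727 |
| 4 | 3222 | 83660 |
| 5 | 3422 | 80058 |
| 6 | 3022 | 79249 |
| 7 | 3522 | 76680 |
| 8 | 3722 | 73290 |
| 9 | 22 | 70684 |
| 10 | 3122 | 69841 |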