Botnet Statistics for January 2016

detection period: 2016-01-01 00:00 - 2016-01-31 23:59 UTC
total number of suspected botnet IPs: 29277
number of blocked spams: 178591
recipient count of blocked spams: 2142408

The vps I use for data file backup disappeared around Jan 21, so I lost about 2/3 of the data needed for calculating number of blocked spams and recipient count of blocked spams (botnet IPs are unaffected by this). That is the reason why they seem to be much less this month.

The top 25 countries (as defined by the 2-character country code), ordered by number of suspected botnet IPs are:

Rank	Country	# of suspected botnet IPs
1	China	22551
2	Viet Nam	2056
3	Taiwan	1303
4	India	367
5	Mexico	315
6	United States	298
7	Brazil	287
8	Russian Federation	244
9	Ukraine	177
10	Indonesia	124
11	Argentina	112
12	Turkey	110
13	Romania	95
14	Iran	83
15	Kazakhstan	67
16	Poland	56
17	Germany	55
18	Thailand	52
19	South Korea	50
20	Colombia	42
21	Canada	42
22	France	40
23	Hong Kong	36
24	Bulgaria	36
25	Azerbaijan	34

The top 25 countries (as defined by the 2-character country code), ordered by number of blocked spams are:

Rank	Country	# of blocked spams
1	Brazil	145299
2	United States	9023
3	Taiwan	6951
4	China	4373
5	Mexico	3018
6	Hong Kong	1822
7	Viet Nam	1004
8	Colombia	984
9	Chile	867
10	Argentina	836
11	Thailand	774
12	India	691
13	Turkey	433
14	Bolivia	337
15	Russian Federation	312
16	Israel	293
17	France	272
18	Spain	209
19	Macau	155
20	Panama	144
21	Romania	109
22	Indonesia	109
23	Venezuela	87
24	Malaysia	78
25	Italy	72

The top 25 countries (as defined by the 2-character country code), ordered by recipient count of blocked spams are:

Rank	Country	recipient count of blocked spams
1	Brazil	1456012
2	Taiwan	190523
3	China	115358
4	United States	57220
5	Hong Kong	55220
6	Mexico	50304
7	Viet Nam	27066
8	Colombia	26767
9	Chile	23723
10	Argentina	22643
11	Thailand	21261
12	India	18692
13	Turkey	11419
14	Bolivia	9045
15	France	8340
16	Russian Federation	7850
17	Spain	5697
18	Israel	4395
19	Macau	4288
20	Panama	3717
21	Indonesia	3631
22	Romania	3337
23	Venezuela	2402
24	Italy	2327
25	Malaysia	2186

The top 25 networks (as found in WHOIS), ordered by number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	CHINANET-AH	5606
2	CHINANET-ZJ-JH	3016
3	CHINANET-JS	2684
4	CHINANET-HB	2438
5	CHINANET-ZJ	2316
6	UNICOM-AH	2094
7	CHINANET-SC	1470
8	HINET-NET	1241
9	VNPT-VNNIC-VN	1070
10	WASU	600
11	CHINANET-GD	536
12	UNICOM-ZJ	531
13	WASU-BB	420
14	FPT-VN	222
15	MX-MSCV17-LACNIC	203
16	VIETEL-VNNIC-VN	192
17	VIETEL-VN	187
18	ETC-VNNIC-VN	147
19	UNICOM-SD	110
20	CHINANET-ZJ-SX	105
21	UNICOM-BJ	97
22	BSNLNET	95
23	IPxDSL-NET	72
24	FPT-NET	53
25	BHARTI-IN	52

The top 25 networks (as found in WHOIS), ordered by number of blocked spams are:

Rank	Network	# of blocked spams
1	005.200.140/0001-27	145053
2	QUADRANET	7180
3	HINET-NET	3870
4	ALISOFT	2083
5	MX-MSCV17-LACNIC	1967
6	CTIHK	1426
7	TFN-NET	1402
8	tonghnetwork	1105
9	CL-VPNS-LACNIC	867
10	TANET-BNETA	678
11	RAYON_IN	676
12	1AN1-NETWORK	662
13	AR-ATSA17-LACNIC	535
14	TANET-B	515
15	CO-CTSE-LACNIC	498
16	DSV4-2	495
17	RELIABLESITE-NETBLOCK	460
18	MX-MTSC2-LACNIC	395
19	CAT	375
20	CO-ETBE-LACNIC	368
21	Broadbandethernet-NET	362
22	BO-ACBS1-LACNIC	337
23	MX-USCV4-LACNIC	309
24	HINET-TW	308
25	EDIS-PI-4	293

The top 25 networks (as found in WHOIS), ordered by recipient count of blocked spams are:

Rank	Network	recipient count of blocked spams
1	005.200.140/0001-27	1449148
2	HINET-NET	105740
3	ALISOFT	55543
4	CTIHK	45474
5	TFN-NET	38293
6	tonghnetwork	29807
7	MX-MSCV17-LACNIC	23892
8	CL-VPNS-LACNIC	23723
9	TANET-BNETA	18629
10	RAYON_IN	18428
11	1AN1-NETWORK	18099
12	AR-ATSA17-LACNIC	14669
13	TANET-B	14415
14	DSV4-2	13719
15	CO-CTSE-LACNIC	13468
16	RELIABLESITE-NETBLOCK	12460
17	MX-MTSC2-LACNIC	10650
18	CAT	10307
19	CO-ETBE-LACNIC	10038
20	Broadbandethernet-NET	9939
21	BO-ACBS1-LACNIC	9045
22	MX-USCV4-LACNIC	8523
23	HINET-TW	8515
24	VTDC-VNNIC-VN	7967
25	QUADRANET	7180