Botnet Statistics [2025-01-21]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2025. To get an idea of what IP is scanning the Internet currently, please watch: Daily Botnet Detection Live Streaming.)
detection period: 2025-01-21 00:00-23:59 UTC
total number of suspected botnet IPs: 23853
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 22382
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1318
2	GOOGLE-CLOUD	995
3	PAN-22	944
4	MSFT	856
5	BSNLNET	760
6	UK-MICROSOFT-20000324	557
7	AL-3	492
8	CENSY	399
9	VOLCANO-ENGINE	360
10	HURRICANE-4	351

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7045
2	China	5006
3	Taiwan	1568
4	India	1542
5	United Kingdom	930
6	Russian Federation	521
7	South Korea	487
8	Singapore	470
9	Indonesia	454
10	Brazil	438

20250121 Botnet Detection Live Streaming 10+ zombies detected)

Subscribe to: Post Comments (Atom)

Subscribe for Free

Daily Top 10 Botnet Info!

Pages

• Home
• Human Readable Sitemap

Featured Posts

• ZBTrap: a Virtual Appliance for Botnet Detection
• Botnet Statistics for February 2018
• Botnet Statistics for the year of 2017
• Building a botnet detector with Exim and SQLite, a step-by-step procedure wannabe
• How could China cut spam so effectively?
• DISAN: a proposed framework for botnet mitigation
• DDoS attacks make Wikileaks a great botnet detection system

About Botnet Tracker

Chih-Cherng Chin

Taiwan

I submitted a paper titled "Follow the spam: a botnet detection and notification mechanism" (in Chinese) to this year's TANET conference (TANET 2010), and it has been accepted. In that paper, I pointed out the problem with botnet mitigation measures which focus on taking C&C servers offline, described the detection strategy of "follow the spam," and made a general sketch of how I detect and report botnets. So far I have only implemented half of the "follow the spam" strategy. Hope someone else will implement the other half.

My previous work was an open relay detection and notification system (presented at TANET 2006 conference), which was able to uncover more than 1200 open relays (confirmed by ORDB) each month at the time.

View my complete profile

Labels

• bot list (3009)
• botnet chart (5629)
• botnet detection (7)
• botnet mitigation (6)
• cyber security (2)
• daily zombie IP list (52)
• google adsense (1)
• greylisting (3)
• haproxy (2)
• monthly statistics (125)
• open proxy (1)
• port scan (2)
• suspected bots ip (96)
• yearly statistics (8)
• ZBTrap (1)

Blog Archive

• ▼  2025 (94)
  • April (1)
  • March (32)
  • February (29)
  • January (32)

• ►  2024 (378)
  • December (32)
  • November (31)
  • October (32)
  • September (31)
  • August (32)
  • July (32)
  • June (31)
  • May (32)
  • April (31)
  • March (32)
  • February (30)
  • January (32)

• ►  2023 (376)
  • December (32)
  • November (31)
  • October (32)
  • September (31)
  • August (32)
  • July (32)
  • June (31)
  • May (32)
  • April (31)
  • March (32)
  • February (29)
  • January (31)

• ►  2022 (376)
  • December (32)
  • November (31)
  • October (32)
  • September (31)
  • August (32)
  • July (32)
  • June (31)
  • May (32)
  • April (31)
  • March (32)
  • February (28)
  • January (32)

• ►  2021 (373)
  • December (28)
  • November (31)
  • October (32)
  • September (31)
  • August (32)
  • July (32)
  • June (31)
  • May (32)
  • April (31)
  • March (32)
  • February (29)
  • January (32)

• ►  2020 (701)
  • December (33)
  • November (60)
  • October (62)
  • September (60)
  • August (62)
  • July (62)
  • June (60)
  • May (60)
  • April (60)
  • March (62)
  • February (58)
  • January (62)

• ►  2019 (738)
  • December (62)
  • November (59)
  • October (65)
  • September (60)
  • August (62)
  • July (62)
  • June (60)
  • May (64)
  • April (58)
  • March (66)
  • February (56)
  • January (64)

• ►  2018 (752)
  • December (62)
  • November (65)
  • October (63)
  • September (62)
  • August (65)
  • July (64)
  • June (61)
  • May (64)
  • April (61)
  • March (64)
  • February (59)
  • January (62)

• ►  2017 (729)
  • December (64)
  • November (62)
  • October (58)
  • September (58)
  • August (64)
  • July (62)
  • June (62)
  • May (58)
  • April (54)
  • March (64)
  • February (58)
  • January (65)

• ►  2016 (757)
  • December (64)
  • November (62)
  • October (64)
  • September (62)
  • August (64)
  • July (64)
  • June (61)
  • May (64)
  • April (62)
  • March (64)
  • February (61)
  • January (65)

• ►  2015 (737)
  • December (64)
  • November (62)
  • October (62)
  • September (61)
  • August (64)
  • July (62)
  • June (60)
  • May (64)
  • April (54)
  • March (64)
  • February (56)
  • January (64)

• ►  2014 (745)
  • December (64)
  • November (60)
  • October (64)
  • September (58)
  • August (60)
  • July (64)
  • June (62)
  • May (64)
  • April (62)
  • March (64)
  • February (58)
  • January (65)

• ►  2013 (750)
  • December (64)
  • November (62)
  • October (64)
  • September (62)
  • August (64)
  • July (64)
  • June (64)
  • May (63)
  • April (61)
  • March (61)
  • February (57)
  • January (64)

• ►  2012 (528)
  • December (63)
  • November (61)
  • October (63)
  • September (61)
  • August (59)
  • July (32)
  • June (31)
  • May (32)
  • April (31)
  • March (32)
  • February (30)
  • January (33)

• ►  2011 (382)
  • December (32)
  • November (31)
  • October (33)
  • September (31)
  • August (32)
  • July (32)
  • June (31)
  • May (33)
  • April (31)
  • March (33)
  • February (29)
  • January (34)

• ►  2010 (387)
  • December (33)
  • November (32)
  • October (32)
  • September (33)
  • August (30)
  • July (32)
  • June (31)
  • May (32)
  • April (40)
  • March (32)
  • February (29)
  • January (31)

• ►  2009 (119)
  • December (31)
  • November (31)
  • October (33)
  • September (24)

Rank	TCP port number	# of connection attempts received
1	3322	64901
2	8888	61710
3	2024	57394
4	22	54389
5	5900	39837
6	2049	34258
7	7722	29127
8	8622	24529
9	6622	21792
10	2255	21090