Daily Botnet Statistics: January 2026

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-30 00:00-23:59 UTC
total number of suspected botnet IPs: 20733
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18946
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	MSFT	1414
2	GOOGLE-CLOUD	1006
3	PAN-22	950
4	AL-3	911
5	BYTEPLUS-SG	854
6	VOLCANO-ENGINE	481
7	ASEPL-SG	438
8	ALISOFT	403
9	CENSY	381
10	FR-ONYPHE-20191111	368

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7889
2	China	4313
3	Singapore	1494
4	India	473
5	Hong Kong	429
6	France	416
7	Russian Federation	357
8	South Korea	351
9	Indonesia	304
10	Netherlands	275

Friday, January 30, 2026

Botnet Statistics [2026-01-29]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-29 00:00-23:59 UTC
total number of suspected botnet IPs: 21546
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19773
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	380608
2	2271	112459
3	6666	88689
4	1234	54629
5	22001	38417
6	5902	32158
7	6000	31965
8	1022	29482
9	22	27113
10	2222	24221

Rank	Network	# of suspected botnet IPs
1	MSFT	1428
2	GOOGLE-CLOUD	1006
3	PAN-22	950
4	BYTEPLUS-SG	849
5	AL-3	796
6	VOLCANO-ENGINE	489
7	ASEPL-SG	435
8	ALISOFT	378
9	CENSY	373
10	FR-ONYPHE-20191111	368

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8272
2	China	4579
3	Singapore	1506
4	India	497
5	France	429
6	Hong Kong	423
7	Russian Federation	365
8	South Korea	356
9	Netherlands	341
10	Brazil	313

Thursday, January 29, 2026

Botnet Statistics [2026-01-28]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-28 00:00-23:59 UTC
total number of suspected botnet IPs: 20830
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19100
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	387974
2	3412	89909
3	2026	80846
4	2241	80316
5	9026	78153
6	4242	71007
7	6666	59417
8	2271	54139
9	1234	52756
10	8008	45686

Rank	Network	# of suspected botnet IPs
1	MSFT	1324
2	GOOGLE-CLOUD	1008
3	PAN-22	948
4	BYTEPLUS-SG	846
5	AL-3	819
6	VOLCANO-ENGINE	498
7	ASEPL-SG	429
8	CENSY	381
9	ALISOFT	372
10	FR-ONYPHE-20191111	368

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7690
2	China	4421
3	Singapore	1472
4	India	494
5	Hong Kong	435
6	France	429
7	Russian Federation	367
8	South Korea	343
9	Netherlands	342
10	Indonesia	313

Wednesday, January 28, 2026

Botnet Statistics [2026-01-27]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-27 00:00-23:59 UTC
total number of suspected botnet IPs: 22290
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20508
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	237211
2	8008	115662
3	2241	103206
4	4808	77200
5	2026	58159
6	1234	45877
7	22	36542
8	9026	30734
9	5902	28964
10	2022	26746

Rank	Network	# of suspected botnet IPs
1	MSFT	1350
2	GOOGLE-CLOUD	1002
3	PAN-22	948
4	BYTEPLUS-SG	846
5	AL-3	810
6	VOLCANO-ENGINE	488
7	ASEPL-SG	438
8	ALISOFT	412
9	CENSY	380
10	FR-ONYPHE-20191111	374

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8633
2	China	4362
3	Singapore	1511
4	India	512
5	France	506
6	Netherlands	489
7	Hong Kong	446
8	Russian Federation	376
9	South Korea	354
10	Indonesia	310

Tuesday, January 27, 2026

Botnet Statistics [2026-01-26]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-26 00:00-23:59 UTC
total number of suspected botnet IPs: 22882
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20946
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	184297
2	2241	91898
3	22	48187
4	22522	34001
5	7322	30507
6	5902	28246
7	3022	25896
8	4808	21354
9	2248	20535
10	2222	20215

Rank	Network	# of suspected botnet IPs
1	MSFT	1373
2	GOOGLE-CLOUD	1000
3	PAN-22	944
4	BYTEPLUS-SG	848
5	AL-3	825
6	VOLCANO-ENGINE	483
7	ASEPL-SG	440
8	FR-ONYPHE-20191111	416
9	ALISOFT	396
10	CENSY	376

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8466
2	China	4786
3	Singapore	1490
4	Netherlands	550
5	France	521
6	India	473
7	Hong Kong	455
8	South Korea	398
9	Russian Federation	397
10	Indonesia	346

Monday, January 26, 2026

Botnet Statistics [2026-01-25]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-25 00:00-23:59 UTC
total number of suspected botnet IPs: 22326
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20560
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	175631
2	22	94877
3	1722	83755
4	4808	52562
5	4488	46370
6	2248	44817
7	12345	34091
8	1822	29388
9	5902	28441
10	13722	24939

Rank	Network	# of suspected botnet IPs
1	MSFT	1376
2	GOOGLE-CLOUD	1003
3	PAN-22	949
4	BYTEPLUS-SG	847
5	AL-3	799
6	VOLCANO-ENGINE	484
7	ASEPL-SG	449
8	FR-ONYPHE-20191111	415
9	ALISOFT	399
10	CENSY	373

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8636
2	China	4547
3	Singapore	1496
4	Netherlands	535
5	France	514
6	India	470
7	Hong Kong	445
8	Russian Federation	375
9	South Korea	373
10	Brazil	324

Sunday, January 25, 2026

Botnet Statistics [2026-01-24]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-24 00:00-23:59 UTC
total number of suspected botnet IPs: 22232
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 20425
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	151706
2	22	98078
3	1722	71567
4	8004	51775
5	6666	31815
6	5902	31177
7	234	25215
8	2222	21840
9	6122	21000
10	2248	19764

Rank	Network	# of suspected botnet IPs
1	MSFT	1367
2	GOOGLE-CLOUD	1008
3	PAN-22	950
4	BYTEPLUS-SG	848
5	AL-3	811
6	VOLCANO-ENGINE	495
7	ALISOFT	457
8	ASEPL-SG	449
9	FR-ONYPHE-20191111	416
10	CENSY	378

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7818
2	China	5078
3	Singapore	1485
4	India	546
5	France	521
6	Netherlands	468
7	Hong Kong	444
8	Russian Federation	376
9	South Korea	365
10	Brazil	330

Saturday, January 24, 2026

Botnet Statistics [2026-01-23]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-23 00:00-23:59 UTC
total number of suspected botnet IPs: 23103
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 21251
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	178792
2	6666	73647
3	2240	69644
4	8004	65554
5	22	62860
6	1722	59311
7	234	56088
8	8865	51896
9	54138	36832
10	5902	32344

Rank	Network	# of suspected botnet IPs
1	MSFT	1367
2	GOOGLE-CLOUD	1004
3	PAN-22	950
4	BYTEPLUS-SG	847
5	AL-3	823
6	VOLCANO-ENGINE	500
7	ASEPL-SG	463
8	FR-ONYPHE-20191111	416
9	ALISOFT	393
10	CMNET	389

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7927
2	China	5729
3	Singapore	1513
4	India	534
5	France	521
6	Hong Kong	461
7	Russian Federation	394
8	Netherlands	389
9	Indonesia	373
10	South Korea	372

Friday, January 23, 2026

Botnet Statistics [2026-01-22]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-22 00:00-23:59 UTC
total number of suspected botnet IPs: 24223
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 22300
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	173775
2	6666	83388
3	2240	70894
4	22	50793
5	9922	39819
6	9322	37976
7	5902	34127
8	2522	28934
9	9222	26669
10	8004	24733

Rank	Network	# of suspected botnet IPs
1	MSFT	1385
2	GOOGLE-CLOUD	999
3	PAN-22	950
4	BYTEPLUS-SG	848
5	AL-3	824
6	VOLCANO-ENGINE	494
7	ASEPL-SG	450
8	FR-ONYPHE-20191111	416
9	ALISOFT	389
10	CENSY	375

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8662
2	China	5632
3	Singapore	1533
4	India	570
5	France	527
6	Netherlands	431
7	Russian Federation	428
8	Hong Kong	415
9	South Korea	390
10	Indonesia	383

Thursday, January 22, 2026

Botnet Statistics [2026-01-21]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-21 00:00-23:59 UTC
total number of suspected botnet IPs: 23444
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 21479
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	168361
2	6666	80152
3	2240	69381
4	22	52613
5	9722	30633
6	5902	27578
7	2122	27351
8	9222	25832
9	444	23784
10	4022	23413

Rank	Network	# of suspected botnet IPs
1	MSFT	1345
2	GOOGLE-CLOUD	1007
3	PAN-22	946
4	BYTEPLUS-SG	881
5	AL-3	820
6	VOLCANO-ENGINE	563
7	ASEPL-SG	448
8	FR-ONYPHE-20191111	416
9	ALISOFT	411
10	CENSY	372

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8027
2	China	5526
3	Singapore	1536
4	India	590
5	France	537
6	Hong Kong	444
7	Indonesia	421
8	Russian Federation	415
9	Brazil	381
10	South Korea	376

Wednesday, January 21, 2026

Botnet Statistics [2026-01-20]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-20 00:00-23:59 UTC
total number of suspected botnet IPs: 23818
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 22065
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	178236
2	9722	73921
3	777	65772
4	2240	58217
5	6666	55777
6	8003	43017
7	58222	38860
8	2222	38630
9	22	37449
10	6622	34245

Rank	Network	# of suspected botnet IPs
1	MSFT	1356
2	GOOGLE-CLOUD	1003
3	PAN-22	949
4	BYTEPLUS-SG	881
5	AL-3	818
6	VOLCANO-ENGINE	472
7	ASEPL-SG	449
8	FR-ONYPHE-20191111	416
9	CENSY	379
10	ALISOFT	357

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8716
2	China	6018
3	Singapore	1515
4	India	527
5	France	487
6	Netherlands	449
7	Hong Kong	405
8	Russian Federation	390
9	Indonesia	344
10	Germany	335

Tuesday, January 20, 2026

Botnet Statistics [2026-01-19]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-19 00:00-23:59 UTC
total number of suspected botnet IPs: 23119
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 21353
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	195087
2	777	96851
3	9722	81787
4	22	77169
5	2288	58709
6	8003	54959
7	2332	41804
8	1453	30043
9	10000	29127
10	5902	24737

Rank	Network	# of suspected botnet IPs
1	MSFT	1381
2	GOOGLE-CLOUD	1002
3	PAN-22	939
4	BYTEPLUS-SG	878
5	AL-3	837
6	VOLCANO-ENGINE	475
7	ASEPL-SG	446
8	FR-ONYPHE-20191111	416
9	CENSY	374
10	CMNET	367

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8361
2	China	5139
3	Singapore	1538
4	India	544
5	France	494
6	Russian Federation	435
7	Hong Kong	428
8	Netherlands	395
9	Brazil	395
10	South Korea	373

Monday, January 19, 2026

Botnet Statistics [2026-01-18]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-18 00:00-23:59 UTC
total number of suspected botnet IPs: 25554
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23513
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	265222
2	22	91312
3	2288	64910
4	8003	49701
5	777	28333
6	9722	24931
7	9222	23987
8	5902	23747
9	3422	21539
10	522	21429

Rank	Network	# of suspected botnet IPs
1	MSFT	1390
2	GOOGLE-CLOUD	1007
3	PAN-22	948
4	BYTEPLUS-SG	878
5	AL-3	850
6	VOLCANO-ENGINE	470
7	ASEPL-SG	453
8	FR-ONYPHE-20191111	416
9	ALISOFT	402
10	CENSY	378

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	9243
2	China	5264
3	Singapore	1491
4	Brazil	743
5	India	560
6	France	509
7	Netherlands	467
8	Russian Federation	455
9	Hong Kong	433
10	Indonesia	338

Sunday, January 18, 2026

Botnet Statistics [2026-01-17]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-17 00:00-23:59 UTC
total number of suspected botnet IPs: 28197
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25308
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	340285
2	22	104299
3	7322	93655
4	2288	64989
5	13222	38289
6	28722	37229
7	2022	35187
8	8622	32481
9	333	29302
10	5902	26051

Rank	Network	# of suspected botnet IPs
1	MSFT	1390
2	GOOGLE-CLOUD	1007
3	PAN-22	949
4	BYTEPLUS-SG	878
5	AL-3	834
6	VOLCANO-ENGINE	465
7	ASEPL-SG	457
8	FR-ONYPHE-20191111	416
9	CENSY	377
10	ALISOFT	372

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8663
2	China	5852
3	Singapore	1497
4	Brazil	1194
5	India	777
6	Russian Federation	567
7	France	537
8	Indonesia	414
9	Hong Kong	411
10	Netherlands	389

Saturday, January 17, 2026

Botnet Statistics [2026-01-16]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-16 00:00-23:59 UTC
total number of suspected botnet IPs: 28660
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25826
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	358756
2	22	68250
3	9822	67430
4	2288	64978
5	2255	43940
6	7070	40435
7	55022	36592
8	8222	36232
9	7322	33534
10	2022	29650

Rank	Network	# of suspected botnet IPs
1	MSFT	1407
2	GOOGLE-CLOUD	1002
3	PAN-22	949
4	BYTEPLUS-SG	878
5	AL-3	851
6	VOLCANO-ENGINE	478
7	ASEPL-SG	462
8	FR-ONYPHE-20191111	416
9	ALISOFT	391
10	CENSY	381

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8808
2	China	6088
3	Singapore	1504
4	Brazil	1082
5	India	811
6	Russian Federation	592
7	France	539
8	Hong Kong	436
9	South Korea	430
10	Indonesia	395

Friday, January 16, 2026

Botnet Statistics [2026-01-15]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-15 00:00-23:59 UTC
total number of suspected botnet IPs: 26297
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23851
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	324098
2	7070	99031
3	4675	69937
4	117	69780
5	8863	69760
6	8222	68907
7	2288	64432
8	9822	63434
9	2255	54470
10	2212	47459

Rank	Network	# of suspected botnet IPs
1	MSFT	1383
2	GOOGLE-CLOUD	1002
3	PAN-22	949
4	BYTEPLUS-SG	880
5	AL-3	848
6	VOLCANO-ENGINE	493
7	ASEPL-SG	463
8	FR-ONYPHE-20191111	416
9	ALISOFT	377
10	CMNET	368

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8848
2	China	6154
3	Singapore	1529
4	Brazil	747
5	India	576
6	France	514
7	Russian Federation	490
8	Hong Kong	444
9	Indonesia	407
10	Netherlands	388

Thursday, January 15, 2026

Botnet Statistics [2026-01-14]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-14 00:00-23:59 UTC
total number of suspected botnet IPs: 25446
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23423
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	307638
2	7122	86739
3	6373	81657
4	3011	79788
5	2255	78103
6	26172	76113
7	30844	76053
8	7070	75550
9	8123	75218
10	13039	74665

Rank	Network	# of suspected botnet IPs
1	MSFT	1340
2	GOOGLE-CLOUD	999
3	PAN-22	947
4	BYTEPLUS-SG	882
5	AL-3	850
6	VOLCANO-ENGINE	487
7	ASEPL-SG	468
8	FR-ONYPHE-20191111	416
9	ALISOFT	391
10	CENSY	371

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8646
2	China	5845
3	Singapore	1535
4	Brazil	764
5	India	635
6	France	529
7	Russian Federation	477
8	Netherlands	422
9	Indonesia	416
10	Hong Kong	408

Wednesday, January 14, 2026

Botnet Statistics [2026-01-13]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-13 00:00-23:59 UTC
total number of suspected botnet IPs: 26386
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24516
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	423268
2	7122	94513
3	82	78959
4	4603	76876
5	3022	76703
6	8167	74370
7	9525	74237
8	8284	73346
9	12472	73212
10	8041	73186

Rank	Network	# of suspected botnet IPs
1	MSFT	1382
2	GOOGLE-CLOUD	1003
3	PAN-22	949
4	BYTEPLUS-SG	882
5	AL-3	852
6	VOLCANO-ENGINE	494
7	ASEPL-SG	483
8	FR-ONYPHE-20191111	416
9	ALISOFT	391
10	CENSY	375

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	9206
2	China	6422
3	Singapore	1543
4	India	660
5	Brazil	604
6	France	568
7	Russian Federation	468
8	Indonesia	439
9	Hong Kong	422
10	Netherlands	403

Tuesday, January 13, 2026

Botnet Statistics [2026-01-12]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-12 00:00-23:59 UTC
total number of suspected botnet IPs: 25002
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23036
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	436039
2	7122	71795
3	9696	46082
4	22	45415
5	522	32647
6	8002	32381
7	2288	27033
8	5901	26538
9	3389	21208
10	5902	19326

Rank	Network	# of suspected botnet IPs
1	MSFT	1403
2	GOOGLE-CLOUD	1001
3	PAN-22	945
4	BYTEPLUS-SG	882
5	AL-3	857
6	VOLCANO-ENGINE	535
7	ASEPL-SG	481
8	FR-ONYPHE-20191111	416
9	ALISOFT	379
10	CENSY	373

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8836
2	China	5284
3	Singapore	1560
4	India	608
5	Brazil	591
6	France	547
7	Russian Federation	506
8	Indonesia	446
9	Hong Kong	437
10	Netherlands	405

Monday, January 12, 2026

Botnet Statistics [2026-01-11]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-11 00:00-23:59 UTC
total number of suspected botnet IPs: 25973
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24007
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	503061
2	522	53228
3	22	50192
4	2277	49093
5	5901	24382
6	7777	22554
7	3389	19780
8	23320	18946
9	5902	18741
10	59322	18649

Rank	Network	# of suspected botnet IPs
1	MSFT	1369
2	GOOGLE-CLOUD	1004
3	PAN-22	949
4	BYTEPLUS-SG	877
5	AL-3	866
6	VOLCANO-ENGINE	508
7	ASEPL-SG	478
8	FR-ONYPHE-20191111	416
9	ALISOFT	380
10	CENSY	367

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	9184
2	China	5499
3	Singapore	1507
4	Brazil	780
5	India	618
6	France	558
7	Russian Federation	537
8	Hong Kong	429
9	Netherlands	427
10	Indonesia	369

Sunday, January 11, 2026

Botnet Statistics [2026-01-10]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-10 00:00-23:59 UTC
total number of suspected botnet IPs: 25426
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 23185
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	492147
2	2277	78371
3	22	73691
4	5322	51964
5	522	51050
6	6789	45984
7	4922	45442
8	6000	37332
9	8001	33204
10	5901	27040

Rank	Network	# of suspected botnet IPs
1	MSFT	1372
2	GOOGLE-CLOUD	1001
3	PAN-22	949
4	AL-3	879
5	BYTEPLUS-SG	877
6	VOLCANO-ENGINE	501
7	ASEPL-SG	480
8	FR-ONYPHE-20191111	416
9	CENSY	377
10	ALISOFT	366

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8119
2	China	5665
3	Singapore	1504
4	Brazil	725
5	India	626
6	Russian Federation	620
7	France	586
8	Hong Kong	439
9	Netherlands	395
10	Indonesia	365

Saturday, January 10, 2026

Botnet Statistics [2026-01-09]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-09 00:00-23:59 UTC
total number of suspected botnet IPs: 27289
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25154
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	521688
2	4922	114311
3	2332	105829
4	5322	84674
5	8001	66353
6	5716	63002
7	8248	61162
8	22	58792
9	4343	58376
10	7127	56777

Rank	Network	# of suspected botnet IPs
1	MSFT	1382
2	GOOGLE-CLOUD	1003
3	PAN-22	949
4	AL-3	912
5	BYTEPLUS-SG	877
6	ASEPL-SG	514
7	VOLCANO-ENGINE	501
8	FR-ONYPHE-20191111	416
9	CENSY	382
10	ALISOFT	376

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8699
2	China	6159
3	Singapore	1578
4	India	681
5	Brazil	671
6	Russian Federation	628
7	France	577
8	Hong Kong	438
9	United Kingdom	395
10	Indonesia	394

Tuesday, January 6, 2026

Botnet Statistics [2026-01-05]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-05 00:00-23:59 UTC
total number of suspected botnet IPs: 19999
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18819
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	498795
2	4922	99781
3	5322	86623
4	1111	80591
5	22	64923
6	8001	64453
7	522	52587
8	8031	41800
9	20	41273
10	57344	35616

Rank	Network	# of suspected botnet IPs
1	MSFT	1403
2	GOOGLE-CLOUD	994
3	PAN-22	941
4	AL-3	902
5	BYTEPLUS-SG	878
6	VOLCANO-ENGINE	519
7	ASEPL-SG	518
8	ALISOFT	420
9	FR-ONYPHE-20191111	416
10	CENSY	366

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7583
2	China	4411
3	Singapore	1609
4	France	490
5	Hong Kong	411
6	Indonesia	338
7	United Kingdom	325
8	India	308
9	Germany	304
10	European Union	283

Monday, January 5, 2026

Botnet Statistics [2026-01-04]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-04 00:00-23:59 UTC
total number of suspected botnet IPs: 20390
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 19204
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	530568
2	8000	88511
3	5322	83389
4	22	78744
5	3443	65365
6	7777	61911
7	1333	56569
8	522	55565
9	10222	47678
10	9990	45003

Rank	Network	# of suspected botnet IPs
1	MSFT	1384
2	GOOGLE-CLOUD	1007
3	PAN-22	947
4	AL-3	904
5	BYTEPLUS-SG	878
6	ASEPL-SG	525
7	VOLCANO-ENGINE	510
8	FR-ONYPHE-20191111	416
9	ALISOFT	401
10	CENSY	361

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8365
2	China	4304
3	Singapore	1593
4	France	542
5	Hong Kong	416
6	United Kingdom	337
7	European Union	298
8	Germany	267
9	Indonesia	266
10	Netherlands	263

Sunday, January 4, 2026

Botnet Statistics [2026-01-03]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-03 00:00-23:59 UTC
total number of suspected botnet IPs: 19694
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18503
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	511998
2	6000	95052
3	22	73941
4	6001	70795
5	7777	65337
6	5322	64774
7	1333	56966
8	522	56296
9	2266	55986
10	8000	41943

Rank	Network	# of suspected botnet IPs
1	MSFT	1407
2	GOOGLE-CLOUD	1005
3	PAN-22	949
4	AL-3	909
5	BYTEPLUS-SG	878
6	ASEPL-SG	537
7	VOLCANO-ENGINE	510
8	FR-ONYPHE-20191111	416
9	ALISOFT	411
10	CENSY	374

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7589
2	China	4191
3	Singapore	1578
4	France	533
5	Hong Kong	409
6	United Kingdom	323
7	Indonesia	320
8	Germany	309
9	Russian Federation	291
10	India	288

Saturday, January 3, 2026

Botnet Statistics [2026-01-02]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-02 00:00-23:59 UTC
total number of suspected botnet IPs: 19767
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 18494
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	490012
2	9999	101938
3	9955	75191
4	522	56119
5	22	54005
6	3223	48805
7	7777	40388
8	1333	40227
9	5901	35741
10	5902	25046

Rank	Network	# of suspected botnet IPs
1	MSFT	1392
2	GOOGLE-CLOUD	1007
3	PAN-22	949
4	AL-3	905
5	BYTEPLUS-SG	878
6	ASEPL-SG	518
7	VOLCANO-ENGINE	512
8	FR-ONYPHE-20191111	416
9	ALISOFT	385
10	CENSY	381

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7674
2	China	4165
3	Singapore	1548
4	France	550
5	Hong Kong	403
6	Indonesia	342
7	Germany	322
8	United Kingdom	307
9	Russian Federation	289
10	European Union	284

Friday, January 2, 2026

Botnet Statistics [2026-01-01]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2026.
detection period: 2026-01-01 00:00-23:59 UTC
total number of suspected botnet IPs: 22584
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 21445
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	476160
2	9999	90369
3	522	67010
4	22	66799
5	777	41885
6	3883	41195
7	2255	33598
8	5901	30634
9	5902	24521
10	59622	19297

Rank	Network	# of suspected botnet IPs
1	MSFT	1345
2	GOOGLE-CLOUD	1004
3	PAN-22	949
4	AL-3	903
5	BYTEPLUS-SG	878
6	ASEPL-SG	528
7	VOLCANO-ENGINE	503
8	FR-ONYPHE-20191111	415
9	ALISOFT	400
10	CENSY	379

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7754
2	China	7176
3	Singapore	1594
4	France	551
5	Hong Kong	399
6	United Kingdom	316
7	Germany	313
8	Netherlands	296
9	Indonesia	287
10	European Union	271

Daily Zombie Lists for January 2026（2026年01月，每日殭屍電腦IP清單）

To facilitate security research, I will release the daily zombie IP lists in CSV format here for anyone interested to download. The data columns are defined as follows:

為協助資安方面的研究，我將每日釋出CSV格式的殭屍電腦IP清單，供任何有興趣的人下載。資料欄位定義如下：

Column 1: The date and time in UTC when the last connection attempt (port scans) from the zombie IP (column 2) was detected;

第1欄：該殭屍電腦最後一次被偵測到企圖連線的日期、時間，時區為UTC；

Column 2: Zombie IP;

第2欄：該殭屍電腦的IP位址；

Column 3: TCP destination port number scanned by the zombie.

第3欄：該殭屍電腦所掃描的TCP埠號。

Join the "Suspected Zombie IP List" Telegram channel to get notified when the latest data are ready for download.

想在第一時間取得資料下載網址？請加入Suspected Zombie IP List的Telegram頻道。

Here are the download links of the daily zombie IP lists for January 2026 (without excluding IP addresses of TOR exits and so-called security researchers' nodes.):

以下是2026年01月的每日殭屍電腦IP清單的下載網址(未濾除TOR exit與所謂“資安研究者”的主機IP)：

01/01: download link 下載網址; MD5sum: 17a23fe51f25fd701e4541169783d008

01/02: download link 下載網址; MD5sum: 0af39cf08665567d4d438ebc86824b2c

01/03: download link 下載網址; MD5sum: dc37e83893c7fd1c192a786681dbcb37

01/04: download link 下載網址; MD5sum: 085f12b05aee989ae52f50dd743605df

01/05: download link 下載網址; MD5sum: 82455c64175b3bfebef5759d0e35dcde

01/09: download link 下載網址; MD5sum: bb3da5c2f25eca1ebbb8e7182d796d9b

01/10: download link 下載網址; MD5sum: ede46fdb2a8e1ea893f85e30900676b7

01/11: download link 下載網址; MD5sum: 67e0bec0a9c8350ee7ea59ae55c098b3

01/12: download link 下載網址; MD5sum: 4f5b9a10358911f61c4c41940a8a5d92

01/13: download link 下載網址; MD5sum: fbe631e39835956a1091a71463628189

01/14: download link 下載網址; MD5sum: 5639d44f0960fc726dd62998c6406fe4

01/15: download link 下載網址; MD5sum: 7a8167cae5d7359cfb087e590f0780bb

01/16: download link 下載網址; MD5sum: 5d5ff8e731c0179589168d8f465ca268

01/17: download link 下載網址; MD5sum: b6914c0f5e0a68b42dd9e68c3220d2f3

01/18: download link 下載網址; MD5sum: c21704e2f1671ad0974f89a802b59a5d

01/19: download link 下載網址; MD5sum: ef78eb6e1e782d340655de7c58597d84

01/20: download link 下載網址; MD5sum: cc0ccfac942b34b1933d08f3a52b3600

01/21: download link 下載網址; MD5sum: 3bf22e91c6feafd7d64081af2bd49fed

01/22: download link 下載網址; MD5sum: 12366b726f0f873c5c57e602eba200a1

01/23: download link 下載網址; MD5sum: 48c54a3d1a844d7fbe66a796c173c96c

01/24: download link 下載網址; MD5sum: 53144415c7da6dc371dd5b7620b3e049

01/25: download link 下載網址; MD5sum: 2c69d38ebeed8aa6cf6e92b027079a01

01/26: download link 下載網址; MD5sum: 1d5bfc7bcfabfa76d717f1579164c594

01/27: download link 下載網址; MD5sum: eaaf6bf9275aed080d458513cba24700

01/28: download link 下載網址; MD5sum: 0c1fbfbeaff6e56711d76739d9852e19

01/29: download link 下載網址; MD5sum: 401116be61787cd75f28143661fd8631

01/30: download link 下載網址; MD5sum: 7ef3e749fbc11c6c1f01faf27d65b18f

01/31: download link 下載網址; MD5sum: 2262c2751e10908ba18a3efe9c73e729

Thursday, January 1, 2026

Botnet Statistics [2025-12-31]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for December 2025.
detection period: 2025-12-31 00:00-23:59 UTC
total number of suspected botnet IPs: 26398
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25159
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	TCP port number	# of connection attempts received
1	5900	338219
2	9292	57277
3	2255	57038
4	9999	55922
5	22	55779
6	1322	53678
7	522	51281
8	1122	45730
9	9911	37932
10	3443	31398

Rank	Network	# of suspected botnet IPs
1	MSFT	1377
2	GOOGLE-CLOUD	1000
3	PAN-22	945
4	AL-3	926
5	BYTEPLUS-SG	878
6	ASEPL-SG	568
7	VOLCANO-ENGINE	519
8	CLOUDFLARENET	445
9	UNICOM	437
10	ALISOFT	410

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	China	10439
2	United States	7975
3	Singapore	1661
4	France	467
5	Hong Kong	414
6	Indonesia	352
7	Germany	327
8	United Kingdom	324
9	India	290
10	Russian Federation	288

Rank	TCP port number	# of connection attempts received
1	5900	402373
2	9292	70610
3	7022	67752
4	1322	62798
5	22	60345
6	2555	60078
7	1122	59318
8	2255	58447
9	3443	43080
10	2244	33316

Saturday, January 31, 2026

Friday, January 30, 2026

Thursday, January 29, 2026

Wednesday, January 28, 2026

Tuesday, January 27, 2026

Monday, January 26, 2026

Sunday, January 25, 2026

Saturday, January 24, 2026

Friday, January 23, 2026

Thursday, January 22, 2026

Wednesday, January 21, 2026

Tuesday, January 20, 2026

Monday, January 19, 2026

Sunday, January 18, 2026

Saturday, January 17, 2026

Friday, January 16, 2026

Thursday, January 15, 2026

Wednesday, January 14, 2026

Tuesday, January 13, 2026

Monday, January 12, 2026

Sunday, January 11, 2026

Saturday, January 10, 2026

Tuesday, January 6, 2026

Monday, January 5, 2026

Sunday, January 4, 2026

Saturday, January 3, 2026

Friday, January 2, 2026

Thursday, January 1, 2026