Daily Botnet Statistics: 2025

Friday, January 3, 2025

Botnet Statistics [2025-01-02]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2025. To get an idea of what IP is scanning the Internet currently, please watch: Daily Botnet Detection Live Streaming.)
detection period: 2025-01-02 00:00-23:59 UTC
total number of suspected botnet IPs: 26928
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25407
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1425
2	GOOGLE-CLOUD	1030
3	BSNLNET	968
4	PAN-22	954
5	MSFT	865
6	UK-MICROSOFT-20000324	563
7	AL-3	532
8	KORNET-KR	506
9	CMNET	467
10	CENSY	377

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8037
2	China	5606
3	India	1798
4	Taiwan	1626
5	United Kingdom	1111
6	South Korea	845
7	Russian Federation	541
8	Hong Kong	528
9	Brazil	490
10	Singapore	475

Rank	TCP port number	# of connection attempts received
1	1122	159837
2	8899	116941
3	3322	109629
4	22	81394
5	4444	78582
6	6000	66799
7	3389	55915
8	23	54625
9	4900	37411
10	2248	34206

20250103 Botnet Detection Live Streaming 10+ zombies detected)

Thursday, January 2, 2025

Botnet Statistics [2025-01-01]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for January 2025. To get an idea of what IP is scanning the Internet currently, please watch: Daily Botnet Detection Live Streaming.)
detection period: 2025-01-01 00:00-23:59 UTC
total number of suspected botnet IPs: 25810
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24225
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1609
2	GOOGLE-CLOUD	1013
3	PAN-22	961
4	BSNLNET	930
5	MSFT	871
6	UK-MICROSOFT-20000324	564
7	KORNET-KR	497
8	CMNET	459
9	AL-3	454
10	CHINANET-JS	371

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	7843
2	China	4622
3	Taiwan	1832
4	India	1708
5	United Kingdom	1142
6	South Korea	852
7	Russian Federation	604
8	Hong Kong	531
9	Brazil	478
10	Singapore	441

Rank	TCP port number	# of connection attempts received
1	4444	363777
2	1122	206316
3	3322	174277
4	8899	121205
5	4433	95772
6	6000	78747
7	22	72649
8	23	57016
9	3389	50272
10	24	47941

20250102 Botnet Detection Live Streaming 30+ zombies detected)

Daily Zombie Lists for January 2025（2025年01月，每日殭屍電腦IP清單）

To facilitate security research, I will release the daily zombie IP lists in CSV format here for anyone interested to download. The data columns are defined as follows:

為協助資安方面的研究，我將每日釋出CSV格式的殭屍電腦IP清單，供任何有興趣的人下載。資料欄位定義如下：

Column 1: The date and time in UTC when the last connection attempt (port scans) from the zombie IP (column 2) was detected;

第1欄：該殭屍電腦最後一次被偵測到企圖連線的日期、時間，時區為UTC；

Column 2: Zombie IP;

第2欄：該殭屍電腦的IP位址；

Column 3: TCP destination port number scanned by the zombie.

第3欄：該殭屍電腦所掃描的TCP埠號。

Join the "Suspected Zombie IP List" Telegram channel to get notified when the latest data are ready for download.

想在第一時間取得資料下載網址？請加入Suspected Zombie IP List的Telegram頻道。

Here are the download links of the daily zombie IP lists for January 2025 (without excluding IP addresses of TOR exits and so-called security researchers' nodes.):

以下是2025年01月的每日殭屍電腦IP清單的下載網址(未濾除TOR exit與所謂“資安研究者”的主機IP)：

01/01: download link 下載網址; MD5sum: 6d170756ea431033c5be8a00851a435b

01/02: download link 下載網址; MD5sum: abe2d123f44fb1eecbf6cd1f88347e9a

Wednesday, January 1, 2025

Botnet Statistics [2024-12-31]

(To download the latest zombie ip list, please visit the Daily Zombie IP Lists for December 2024. To get an idea of what IP is scanning the Internet currently, please watch: Daily Botnet Detection Live Streaming.)
detection period: 2024-12-31 00:00-23:59 UTC
total number of suspected botnet IPs: 26204
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 24684
number of spam blocked: 0
recipient count of spam blocked: 0

The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:

Rank	Network	# of suspected botnet IPs
1	HINET-NET	1606
2	GOOGLE-CLOUD	990
3	PAN-22	955
4	MSFT	872
5	BSNLNET	851
6	UK-MICROSOFT-20000324	561
7	CMNET	486
8	AL-3	480
9	KORNET-KR	474
10	CENSY	376

The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:

The top 10 TCP ports, ordered by the number of connection attempts received are:

Rank	Country/Region	# of suspected botnet IPs
1	United States	8187
2	China	4621
3	Taiwan	1848
4	India	1669
5	United Kingdom	1104
6	South Korea	826
7	Russian Federation	543
8	Hong Kong	540
9	Brazil	508
10	Singapore	475

Rank	TCP port number	# of connection attempts received
1	3322	246067
2	1122	209333
3	4444	158246
4	8899	122185
5	21	105113
6	4433	102846
7	6000	66583
8	24	65055
9	23	56054
10	22	54080

20250101 Botnet Detection Live Streaming 30+ zombies detected)