detection period: 2022-04-27 00:00-23:59 UTC
total number of suspected botnet IPs: 27159
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 25316
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | ACEVILLEPTELTD-SG | 1633 |
| 2 | DIGITALOCEAN-192-241-128-0 | 940 |
| 3 | VNPT-VN | 527 |
| 4 | CMNET | 473 |
| 5 | Baidu | 415 |
| 6 | VIETTEL-VN | 387 |
| 7 | ALISOFT | 361 |
| 8 | BSNLNET | 316 |
| 9 | HINET-NET | 313 |
| 10 | MSFT | 268 |
The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | United States | 5161 |
| 2 | China | 4225 |
| 3 | Singapore | 1763 |
| 4 | India | 1733 |
| 5 | Russian Federation | 1457 |
| 6 | Viet Nam | 1311 |
| 7 | Brazil | 1153 |
| 8 | Indonesia | 738 |
| 9 | Hong Kong | 641 |
| 10 | Taiwan | 513 |
The top 10 TCP ports, ordered by the number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 122 | 279464 |
| 2 | 422 | 262389 |
| 3 | 622 | 259045 |
| 4 | 522 | 255864 |
| 5 | 322 | 239985 |
| 6 | 6699 | 116183 |
| 7 | 9122 | 79634 |
| 8 | 3021 | 59966 |
| 9 | 23 | 51499 |
| 10 | 6002 | 50970 |
Hello. You might want to remove TOR exit nodes from the list of attackers before you send email to their abuse address. Or rather, TOR operators all over the world might want you to do that. :-P
ReplyDelete