detection period: 2021-05-10 00:00-23:59 UTC
total number of suspected botnet IPs: 29467
number of botnet IPs notified to network operators (best case, if all mail were sent out successfully): 27000
number of spam blocked: 0
recipient count of spam blocked: 0
The top 10 networks (as found in WHOIS), ordered by the number of suspected botnet IPs are:
| Rank | Network | # of suspected botnet IPs |
|---|---|---|
| 1 | TencentCloud | 2022 |
| 2 | ALISOFT | 707 |
| 3 | DIGITALOCEAN-192-241-128-0 | 679 |
| 4 | TENCENT-CN | 672 |
| 5 | NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK | 610 |
| 6 | VNPT-VN | 598 |
| 7 | VIETTEL-VN | 516 |
| 8 | HINET-NET | 410 |
| 9 | Baidu | 385 |
| 10 | CMNET | 310 |
The top 10 countries (as defined by the 2-character country code), ordered by the number of suspected botnet IPs are:
| Rank | Country/Region | # of suspected botnet IPs |
|---|---|---|
| 1 | China | 7980 |
| 2 | United States | 4271 |
| 3 | India | 1672 |
| 4 | Viet Nam | 1612 |
| 5 | Russian Federation | 1436 |
| 6 | Brazil | 1359 |
| 7 | Indonesia | 833 |
| 8 | European Union | 627 |
| 9 | Taiwan | 552 |
| 10 | Mauritius | 539 |
The top 10 TCP ports, ordered by the number of connection attempts received are:
| Rank | TCP port number | # of connection attempts received |
|---|---|---|
| 1 | 445 | 195440 |
| 2 | 1060 | 65905 |
| 3 | 22 | 47547 |
| 4 | 18065 | 37711 |
| 5 | 49161 | 37672 |
| 6 | 1062 | 37049 |
| 7 | 1260 | 36475 |
| 8 | 3007 | 34772 |
| 9 | 49061 | 32020 |
| 10 | 1161 | 31592 |
No comments:
Post a Comment