Thursday, May 23, 2013

Big attack Costa Rica: 190.93.249.10 / 190.93.248.10



Over the last week I've been working on a dashboard to display attacks rather than using Twitter / Blogger, as the number of observed attacks has skyrocketed.

Over the last two days I've observed an attack targeting two IPs in Costa Rica. Here are some details (last 24 hours):

| Count | IP | Country | Domains |
|---|---|---|---|
| 200458 | 190.93.249.10 | Costa Rica | ripe.net (151163x), www.58wgw.com (49295x) |
| 176447 | 190.93.248.10 | Costa Rica | ripe.net (136108x), www.58wgw.com (40339x) |


What is strange about this is that the domain 'www.58wgw.com', a domain I have not seen before in attacks, is actually pointing to these two IPs.

It seems like a misfire, as a domain with 2 A records is not exactly an exciting DNS amplification, and it is a bit weird if it is the domain being targeted in the first place.


Attacks over the different days:

400622x  23-May-2013
139301x  22-May-2013
 12617x  21-May-2013
   878x  17-May-2013





Domains used: 

430109x  ripe.net
122431x  www.58wgw.com
   878x  isc.org

I do not have my other statistics ready that I usually display in my blog. When I do, I might update the post, and I will make my dashboard publicly available.


Info about the domain:

The website on it is written in Chinese and is about some game.. *confused*

Creation Date:   2011-11-04 08:10:44
Registered using a qq.com email.

dig any 58wgw.com @8.8.8.8 +short
seth.ns.cloudflare.com.
pam.ns.cloudflare.com.
190.93.249.10
190.93.248.10
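
The tallies in this post (queries per source IP, per queried domain and per day) and the check that a queried name resolves to the very IPs that appear as the source can be reproduced from resolver query logs. The following is an added example, not the dashboard code mentioned in the post; it assumes BIND 9-style query log lines, and the sample log, the resolver address 192.0.2.53 and the client 198.51.100.7 are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in an assumed BIND 9-style query log format.
# In an amplification attack the "client" address is spoofed: it is the victim.
SAMPLE_LOG = """\
22-May-2013 23:59:58.120 client 190.93.249.10#4242: query: ripe.net IN ANY +E (192.0.2.53)
23-May-2013 10:15:01.101 client 190.93.249.10#4242: query: ripe.net IN ANY +E (192.0.2.53)
23-May-2013 10:15:01.105 client 190.93.249.10#9137: query: www.58wgw.com IN ANY +E (192.0.2.53)
23-May-2013 10:15:01.230 client 190.93.248.10#5310: query: ripe.net IN ANY +E (192.0.2.53)
23-May-2013 10:15:01.377 client 190.93.248.10#5310: query: www.58wgw.com IN ANY +E (192.0.2.53)
17-May-2013 08:00:12.004 client 198.51.100.7#1025: query: isc.org IN ANY +E (192.0.2.53)
23-May-2013 10:15:09.000 general: info: reloading configuration
"""

# A records the post reports for www.58wgw.com.
KNOWN_A = {"www.58wgw.com": {"190.93.249.10", "190.93.248.10"}}

LINE_RE = re.compile(
    r"^(?P<day>\d{2}-\w{3}-\d{4}) \S+ client (?P<ip>[\d.]+)#\d+.*?: "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def summarize(log_text):
    """Count queries per source IP and queried name, and per day."""
    per_ip = defaultdict(Counter)
    per_day = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:  # not a query line (e.g. a general log message)
            continue
        qname = m["name"].lower().rstrip(".")
        per_ip[m["ip"]][qname] += 1
        per_day[m["day"]] += 1
    return per_ip, per_day

def self_pointing(per_ip, known_a=KNOWN_A):
    """(ip, name) pairs where the queried name resolves to the source IP itself."""
    return {
        (ip, qname)
        for ip, names in per_ip.items()
        for qname in names
        if ip in known_a.get(qname, set())
    }

if __name__ == "__main__":
    per_ip, per_day = summarize(SAMPLE_LOG)
    for ip, names in sorted(per_ip.items(), key=lambda kv: -sum(kv[1].values())):
        breakdown = ", ".join(f"{n} ({c}x)" for n, c in names.most_common())
        print(f"{sum(names.values()):>7}  {ip:<15}  {breakdown}")
    print("queried name points at the source IP:", sorted(self_pointing(per_ip)))
```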
