Over the last week I've been working on a dashboard to display attacks rather than using Twitter / Blogger, as the number of observed attacks has skyrocketed.
Over the last two days I've observed an attack targeting two IPs in Costa Rica. Here are some details (last 24 hours):
| Count | IP | Country | Domains |
|---|---|---|---|
| 200458 | 190.93.249.10 | Costa Rica | ripe.net (151163x), www.58wgw.com (49295x) |
| 176447 | 190.93.248.10 | Costa Rica | ripe.net (136108x), www.58wgw.com (40339x) |
What is strange about this is that the domain 'www.58wgw.com', a domain I have not seen before in attacks, actually points to these two IPs.
It seems like a misfire, as a domain with 2 A records is not exactly an exciting DNS amplification, and it is a bit weird if it is the domain being targeted in the first place.
Attacks over the different days:
400622x 23-May-2013
139301x 22-May-2013
12617x 21-May-2013
878x 17-May-2013
Domains used:
430109x ripe.net
122431x www.58wgw.com
878x isc.org
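The per-IP, per-day and per-domain breakdowns above can be produced from resolver query logs. The following is an added example, not the author's dashboard code. It assumes BIND 9 style query-log lines and that only ANY queries count as attack traffic, neither of which the post states, and its sample log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumption: BIND 9 style query-log lines; the post does not name its log source.
LINE_RE = re.compile(
    r"^(?P<day>\d{2}-[A-Za-z]{3}-\d{4}) \S+ (?:queries: info: )?"
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

# Constructed sample lines. In a reflection attack the logged "client" is the
# spoofed source address, i.e. the victim that receives the large responses.
SAMPLE_LOG = """\
23-May-2013 10:00:01.101 client 190.93.249.10#4444: query: ripe.net IN ANY +E (192.0.2.53)
23-May-2013 10:00:01.102 client 190.93.249.10#4444: query: ripe.net IN ANY +E (192.0.2.53)
23-May-2013 10:00:01.150 client 190.93.249.10#5121: query: www.58wgw.com IN ANY +E (192.0.2.53)
23-May-2013 10:00:02.007 client 190.93.248.10#80: query: RIPE.NET IN ANY +E (192.0.2.53)
22-May-2013 23:59:59.900 client 190.93.248.10#80: query: www.58wgw.com IN ANY +E (192.0.2.53)
22-May-2013 23:59:59.950 client 198.51.100.7#3312: query: example.org IN A + (192.0.2.53)
not a query log line
"""

def summarize(lines, qtypes=("ANY",)):
    """Count matching queries per victim IP, per day and per queried name.

    Treating only ANY queries as attack traffic is an assumption."""
    per_ip = defaultdict(Counter)  # victim IP -> queried name -> count
    per_day, per_domain = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["qtype"].upper() not in qtypes:
            continue  # unparsable line or ordinary lookup
        qname = m["qname"].rstrip(".").lower()  # DNS names are case-insensitive
        per_ip[m["ip"]][qname] += 1
        per_day[m["day"]] += 1
        per_domain[qname] += 1
    return per_ip, per_day, per_domain

def table_rows(per_ip):
    """Rows of (count, ip, 'name (Nx), ...'), busiest victim first."""
    ranked = sorted(per_ip.items(), key=lambda kv: -sum(kv[1].values()))
    return [(sum(names.values()), ip,
             ", ".join(f"{n} ({c}x)" for n, c in names.most_common()))
            for ip, names in ranked]

if __name__ == "__main__":
    per_ip, per_day, per_domain = summarize(SAMPLE_LOG.splitlines())
    for count, ip, detail in table_rows(per_ip):
        print(f"{count} | {ip} | {detail}")
    for day, count in per_day.most_common():
        print(f"{count}x {day}")
```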
I do not have my other statistics ready that I usually display in my blog. When I do, I might update the post and will make my dashboard publicly available.
Info about the domain:
The website on it is written in Chinese and is about some game.. *confused*
Creation Date: 2011-11-04 08:10:44
Registered using a qq.com email.
dig any 58wgw.com @8.8.8.8 +short
seth.ns.cloudflare.com.
pam.ns.cloudflare.com.
190.93.249.10
190.93.248.10