New domain: DDOS.Cat.
The domain was used in a botnet before; see the following article:
query: ddos.cat IN A +E
Attackers:
94.102.51.226
93.174.93.175
80.82.64.217
89.248.172.6
Name servers:
ns1.ddos.cat. 17840 IN A 74.91.18.226
ns2.ddos.cat. 17840 IN A 74.91.18.226
Name server IPs match the DirectedAt.Asia ones and a few others. Check the label: 'domains'
Whois:
Domain ID: REG-D973669
Domain Name: ddos.cat
Domain Name ACE: ddos.cat
Domain Language: ca
Registrar ID: R-2027 (GANDI SAS)
Created On: 2012-02-08 01:38:28 GMT
Last Updated On: 2013-07-13 14:42:53 GMT
Expiration Date: 2014-02-08 01:38:28 GMT
Maintainer: http://www.ovh.com
Status: clientTransferProhibited
Registrant ID: ovh50d9de63pi1u
Registrant Name: Max Maton
Registrant Organization:
Registrant Street: 10 Staleys Acre
Registrant Street: Borough Green
Registrant Street: Sevenoaks, Kent
Registrant City: Sevenoaks
Registrant State/Province:
Registrant Postal Code: TN15 8GT
Registrant Country: GB
Registrant Phone: +44.7403070068
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Admin ID: K2889-GANDI-MIUB
Admin Name: Julius Kivimaki
Admin Organization:
Admin Street: Urho Kekkosen katu 1
Admin City: Helsinki
Admin State/Province:
Admin Postal Code: 00100
Admin Country: CA
Admin Phone: +358.207710710
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Tech ID: K2889-GANDI-MIUB
Tech Name: Julius Kivimaki
Tech Organization:
Tech Street: Urho Kekkosen katu 1
Tech City: Helsinki
Tech State/Province:
Tech Postal Code: 00100
Tech Country: CA
Tech Phone: +358.207710710
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:
Billing ID: K2889-GANDI-MIUB
Billing Name: Julius Kivimaki
Billing Organization:
Billing Street: Urho Kekkosen katu 1
Billing City: Helsinki
Billing State/Province:
Billing Postal Code: 00100
Billing Country: CA
Billing Phone: +358.207710710
Billing Phone Ext:
Billing Fax:
Billing Fax Ext:
Billing Email:
Name Server: ns1.ddos.cat 74.91.18.226
Name Server ACE: ns1.ddos.cat 74.91.18.226
Name Server: ns2.ddos.cat 74.91.18.226
Name Server ACE: ns2.ddos.cat 74.91.18.226
A couple of entries:
Date | Time | SourceIP | SPort | TTL | Country | ISP | Payload | Domain | Type |
20130713 | 05:19:00 PM | 89.248.172.6 | 38777 | 59 | 'NL' | 'AS29073 Ecatel Network' | 65535 | ddos.cat | A |
20130713 | 05:19:00 PM | 80.82.64.217 | 60885 | 59 | 'NL' | 'AS29073 Ecatel Network' | 65535 | ddos.cat | A |
20130713 | 05:19:00 PM | 93.174.93.175 | 55715 | 59 | 'NL' | 'AS29073 Ecatel Network' | 65535 | ddos.cat | A |
20130713 | 06:01:00 PM | 94.102.51.226 | 42093 | 59 | 'NL' | 'AS29073 Ecatel Network' | 65535 | ddos.cat | A |
20130713 | 06:10:00 PM | 94.102.51.14 | 57450 | 59 | 'NL' | 'AS29073 Ecatel Network' | 65535 | ddos.cat | A |
20130717 | 02:17:00 PM | 89.248.174.117 | 53111 | 59 | 'NL' | 'AS29073 Ecatel Network' | 65535 | ddos.cat | ANY |
Attacks
Attacks with this domain have started:
143490 16-Jul-2013
385882 17-Jul-2013
37263 18-Jul-2013
Attacked IPs:
79680 87.242.67.62 - sads2.hs.shared.masterhost.ru.
78927 186.2.161.134 - ddos-guard.net.
27617 212.48.153.202 - 10.in-addr.newhost.ru.
25987 178.210.64.124 - aa12345aa.nichost.ru.
19490 46.165.231.130
16608 92.53.126.118
13089 212.58.153.195
6037 95.211.193.32
4460 90.156.201.13
2024 186.2.161.7
1392 82.194.241.14
1381 109.163.235.100 - R136a1.esteq.net.
1325 87.242.73.77 - panel.gohost.ru.
1046 178.32.211.74
999 178.32.209.116
950 87.98.159.80 - 87-98-159-80.kimsufi.com.
631 88.190.50.220 - 88-190-50-220.rev.dedibox.fr.
567 93.170.92.160
476 217.16.19.17
360 69.31.20.84
360 166.78.70.168
360 146.255.193.84
270 193.232.244.250 - irb-732.r1-m9.mnogobyte.net.
105 82.192.71.163
I thought the .cat TLD was supposed to be reserved for people from Catalonia or for topics related to Catalonia.