Last week I've been working on a dashboard to display attacks rather than using Twitter / Blogger as the amount of observed attacks has skyrocketed.
Last two days I've observed an attack targetting two IPs in Costa Rica. Here are some details (Last 24 hours):
|200458||220.127.116.11||Costa Rica||ripe.net (151163x), www.58wgw.com (49295x)|
|176447||18.104.22.168||Costa Rica||ripe.net (136108x), www.58wgw.com (40339x)|
Strange about this is the fact that the domain 'www.58wgw.com' a domain I have not seen before in attacks is actually pointing to these two IPs.
It seems like a misfire as a domain with 2 A records is not exactly an exciting DNS amplification and a bit weird if it is the domain being targetted in the first place.
Attacks over the different days:
I do not have my other statistics ready that I usually display in my blog. When I will I might update the post and will make my dashboard publicly available.
Info about the domain:
Website on it is written in Chineese and is about some game.. *confused*
Creation Date: 2011-11-04 08:10:44
Registered using a qq.com email.
dig any 58wgw.com @22.214.171.124 +short