[outages] NANOG
Rich Kulawiec
rsk at gsp.org
Mon Oct 26 10:13:47 EDT 2015
On Mon, Oct 26, 2015 at 06:19:11AM -0700, John Sage wrote:
> After the appropriate wgets and less'es those all seemed to point back to
>
> avazunic [dot] com
>
> which is registered in -- wait for it -- CN...
I have noted 374 different domains (so far) in this attack and have
analyzed them at a cursory level. Thus far, I see no pattern of
registration, DNS, geography, hosting, etc. I strongly suspect that
many of these, perhaps even most or all, represent web sites that have
been breached and are being used to spread the payload.
---rsk
More information about the Outages
mailing list