[outages] NANOG

Patrick W. Gilmore patrick at ianai.net
Mon Oct 26 10:54:59 EDT 2015


First: I see these leaking into outages@ as well.

Second: Anyone else sad you were not spoofed? What? Am I not good enough to spoof? <pout>

-- 
TTFN,
patrick

> On Oct 26, 2015, at 10:27 AM, John Sage via Outages <outages at outages.org> wrote:
> 
> On 10/26/2015 07:13 AM, Rich Kulawiec via Outages wrote:
>> On Mon, Oct 26, 2015 at 06:19:11AM -0700, John Sage wrote:
>>> After the appropriate wgets and less'es those all seemed to point back to
>>> 
>>> avazunic [dot] com
>>> 
>>> which is registered in -- wait for it -- CN...
>> 
>> I have noted 374 different domains (so far) in this attack and have
>> analyzed them at a cursory level.  Thus far, I see no pattern of
>> registration, DNS, geography, hosting, etc.  I strongly suspect that
>> many of these, perhaps even most or all, represent web sites that have
>> been breached and are being used to spread the payload.
> 
> In my OP I was referring to the domain name that the ultimate payload contained, after the cobweb of redirects in the initial spam was followed back to an endpoint.
> 
> But I only did six or so, early yesterday, so who knows...
> 
> #EOF
> 
> 
> - John
> -- 
> 



