Created
May 31, 2014 19:07
-
-
Save taoeffect/a74d3e302b06965036bf to your computer and use it in GitHub Desktop.
DNS attack pattern (anonymized, consistent mapping of first 3 octets)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2014-05-31T02:26:31.914Z - warn: [DNS] ignoring :: name=wln.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:33.035Z - warn: [DNS] ignoring :: name=nbcqrstuiwxlm.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:33.204Z - warn: [DNS] ignoring :: name=xdbnllpgokoelmx.www.citizenswebforum.com, ip=1.1.1.204 | |
| 2014-05-31T02:26:33.205Z - warn: [DNS] ignoring :: name=yziujhftcwugxaz.www.citizenswebforum.com, ip=2.2.2.214 | |
| 2014-05-31T02:26:33.410Z - warn: [DNS] ignoring :: name=lyvie.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:33.532Z - warn: [DNS] ignoring :: name=kxgladxuz.www.citizenswebforum.com, ip=3.3.3.157 | |
| 2014-05-31T02:26:33.669Z - warn: [DNS] ignoring :: name=ihdzv.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:33.827Z - warn: [DNS] ignoring :: name=gsejo.www.citizenswebforum.com, ip=4.4.4.19 | |
| 2014-05-31T02:26:33.830Z - warn: [DNS] ignoring :: name=ewtmy.www.citizenswebforum.com, ip=5.5.5.163 | |
| 2014-05-31T02:26:33.952Z - warn: [DNS] ignoring :: name=sztpppvrapwtxds.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:34.068Z - warn: [DNS] ignoring :: name=ohbxtwb.www.citizenswebforum.com, ip=6.6.6.188 | |
| 2014-05-31T02:26:34.071Z - warn: [DNS] ignoring :: name=oexcert.www.citizenswebforum.com, ip=6.6.6.248 | |
| 2014-05-31T02:26:34.073Z - warn: [DNS] ignoring :: name=utvrloo.www.citizenswebforum.com, ip=6.6.6.95 | |
| 2014-05-31T02:26:34.073Z - warn: [DNS] ignoring :: name=aocqesthvwxlm.www.citizenswebforum.com, ip=6.6.6.241 | |
| 2014-05-31T02:26:34.339Z - warn: [DNS] ignoring :: name=nojtduu.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:34.342Z - warn: [DNS] ignoring :: name=rxchgdl.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:34.764Z - warn: [DNS] ignoring :: name=aopdrftuijxyz.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:34.801Z - warn: [DNS] ignoring :: name=snctwfwjs.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:34.866Z - warn: [DNS] ignoring :: name=bdketwzozvmxvng.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:35.004Z - warn: [DNS] ignoring :: name=xxx.www.citizenswebforum.com, ip=7.7.7.178 | |
| 2014-05-31T02:26:35.014Z - warn: [DNS] ignoring :: name=z.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:35.015Z - warn: [DNS] ignoring :: name=udjcsbhkqydnflc.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:35.303Z - warn: [DNS] ignoring :: name=y.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:35.444Z - warn: [DNS] ignoring :: name=rxzcltlxhltwtmv.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:35.482Z - warn: [DNS] ignoring :: name=kaclheybl.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:35.664Z - warn: [DNS] ignoring :: name=cytoriadelz.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:35.955Z - warn: [DNS] ignoring :: name=dpe.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:36.453Z - warn: [DNS] ignoring :: name=fxoivcfpjjz.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:36.536Z - warn: [DNS] ignoring :: name=kxgladxuz.www.citizenswebforum.com, ip=3.3.3.157 | |
| 2014-05-31T02:26:36.619Z - warn: [DNS] ignoring :: name=pur.www.citizenswebforum.com, ip=7.7.7.138 | |
| 2014-05-31T02:26:36.620Z - warn: [DNS] ignoring :: name=esl.www.citizenswebforum.com, ip=7.7.7.138 | |
| 2014-05-31T02:26:36.626Z - warn: [DNS] ignoring :: name=ocsuizbljwa.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:36.643Z - warn: [DNS] ignoring :: name=y.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:36.646Z - warn: [DNS] ignoring :: name=y.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:36.664Z - warn: [DNS] ignoring :: name=qwsqwivjx.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:36.953Z - warn: [DNS] ignoring :: name=aekcdeympgpsexi.www.citizenswebforum.com, ip=149.254.162.57 | |
| 2014-05-31T02:26:37.036Z - warn: [DNS] ignoring :: name=ronkhehnzpggqdu.www.citizenswebforum.com, ip=79.207.10.249 | |
| 2014-05-31T02:26:37.160Z - warn: [DNS] ignoring :: name=rwhrm.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:37.222Z - warn: [DNS] ignoring :: name=mxqeszzoq.www.citizenswebforum.com, ip=7.7.7.138 | |
| 2014-05-31T02:26:37.237Z - warn: [DNS] ignoring :: name=sbdsi.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:37.238Z - warn: [DNS] ignoring :: name=ansxcfrgu.www.citizenswebforum.com, ip=7.7.7.138 | |
| 2014-05-31T02:26:37.330Z - warn: [DNS] ignoring :: name=abcdesthvjkym.www.citizenswebforum.com, ip=8.8.8.16 | |
| 2014-05-31T02:26:38.050Z - warn: [DNS] ignoring :: name=fzono.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:38.148Z - warn: [DNS] ignoring :: name=ktb.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:38.866Z - warn: [DNS] ignoring :: name=ajk.www.citizenswebforum.com, ip=9.9.9.61 | |
| 2014-05-31T02:26:38.876Z - warn: [DNS] ignoring :: name=sod.www.citizenswebforum.com, ip=10.10.10.105 | |
| 2014-05-31T02:26:39.075Z - warn: [DNS] ignoring :: name=abpdrstuiwklz.www.citizenswebforum.com, ip=7.7.7.138 | |
| 2014-05-31T02:26:39.076Z - warn: [DNS] ignoring :: name=nocqrsguvwxlz.www.citizenswebforum.com, ip=7.7.7.138 | |
| 2014-05-31T02:26:39.138Z - warn: [DNS] ignoring :: name=abcdefghvwxlz.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:39.275Z - warn: [DNS] ignoring :: name=ywgwjawfj.www.citizenswebforum.com, ip=11.11.11.69 | |
| 2014-05-31T02:26:39.488Z - warn: [DNS] ignoring :: name=sqrxmsfdgkdhohh.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:39.545Z - warn: [DNS] ignoring :: name=kxgladxuz.www.citizenswebforum.com, ip=3.3.3.157 | |
| 2014-05-31T02:26:39.562Z - warn: [DNS] ignoring :: name=xeffrrvtnesruhu.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:40.251Z - warn: [DNS] ignoring :: name=mpwxvoztuifidap.www.citizenswebforum.com, ip=666.666.666.16 | |
| 2014-05-31T02:26:40.258Z - warn: [DNS] ignoring :: name=ullrqbg.www.citizenswebforum.com, ip=666.666.666.18 | |
| 2014-05-31T02:26:40.421Z - warn: [DNS] ignoring :: name=ksj.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:40.533Z - warn: [DNS] ignoring :: name=rnrjdjkrimrdcjz.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:41.297Z - warn: [DNS] ignoring :: name=uicqwswfo.www.citizenswebforum.com, ip=12.12.12.217 | |
| 2014-05-31T02:26:41.300Z - warn: [DNS] ignoring :: name=ucxomepnv.www.citizenswebforum.com, ip=13.13.13.52 | |
| 2014-05-31T02:26:41.475Z - warn: [DNS] ignoring :: name=smwzozxjv.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:41.555Z - warn: [DNS] ignoring :: name=nbpdesghijklm.www.citizenswebforum.com, ip=666.666.666.17 | |
| 2014-05-31T02:26:41.586Z - warn: [DNS] ignoring :: name=yrwcewsho.www.citizenswebforum.com, ip=666.666.666.17 | |
| 666.666.666 = 36 | |
| 1.1.1 = 1 | |
| 2.2.2 = 1 | |
| 3.3.3 = 3 | |
| 4.4.4 = 1 | |
| 5.5.5 = 1 | |
| 6.6.6 = 4 | |
| 7.7.7 = 7 | |
| [8-13].[8-13].[8-13] = 1 each |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment