This week's big winner was a spambot using a random-character .ru domain, and unlike past weeks, the pattern was different. The number of blocked domains typically falls on weekends, as users tend to be offline, or at least away from their networked computers. This week, however, there was a huge spike in the number of unique domains blocked, peaking at just over 4,900 on Saturday, May 5th. We aren't charting this here, but traffic returned to the more normal, quieter weekend pattern on the 6th.

In terms of the rest of the top blocked domains, we see a couple of non-resolving domains like buysellstops.com and underpants.online that are using WHOIS privacy. We also see the usual cadre of randomized domains.

| Domain | Threat |
| --- | --- |
| xdqzpbcgrvkj.ru | Spambot |
| 76236osm1.ru | Trojan downloaders |
| buysellstops.com | Malware Call Home |
| superyou.zapto.org | Spybot |
| e51091eec8b619d50e44c8c29b7a0ee8.com | Malware Call Home |
| ns6.wowrack.com | Mirai |
| ns5.wowrack.com | Mirai |
| 0x3h32haer.underpants.online | Malware Call Home |
| dj1.jfrmt.net | Morto |
| soplifan.ru | Trojan downloaders |

And finally, we noted a spike in DNS amplification traffic this week that peaked on May 3rd. These are queries designed to get a response that is larger than the query, and they are generally used for DDoS attacks on a third party.

On our end, we rate limit responses to these types of queries to sink them before they can cause slowdowns to our systems or the target's.
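To illustrate the response rate limiting described above, here is an added sketch (not the code running on our resolvers) of a token bucket keyed on client network and query name, replayed over a constructed burst. The rate, burst size, /24 and /56 grouping, addresses, names and packet sizes are all assumptions chosen for the illustration.

```python
import ipaddress

class ResponseRateLimiter:
    """Token bucket per (client network, query name); all thresholds are assumed values."""

    def __init__(self, rate=4.0, burst=8.0):
        self.rate, self.burst = rate, burst   # responses/second and bucket size
        self.buckets = {}                     # key -> (tokens, last_seen)

    @staticmethod
    def network(src_ip):
        # Group clients by /24 (IPv4) or /56 (IPv6) so that rotating addresses
        # inside one claimed source network still share a bucket.
        ip = ipaddress.ip_address(src_ip)
        plen = 24 if ip.version == 4 else 56
        return str(ipaddress.ip_network(f"{src_ip}/{plen}", strict=False))

    def allow(self, src_ip, qname, now):
        key = (self.network(src_ip), qname.lower().rstrip("."))
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[key] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

def replay(events, limiter):
    """events: (ts, src_ip, qname, query_len, response_len).
    Returns {network: {"query_bytes", "sent_bytes", "dropped"}}."""
    stats = {}
    for ts, src, qname, qlen, rlen in sorted(events):
        s = stats.setdefault(limiter.network(src),
                             {"query_bytes": 0, "sent_bytes": 0, "dropped": 0})
        s["query_bytes"] += qlen
        if limiter.allow(src, qname, ts):
            s["sent_bytes"] += rlen
        else:
            s["dropped"] += 1
    return stats

def amplification(s):
    """Bytes sent toward a network per byte of query claiming to come from it."""
    return s["sent_bytes"] / s["query_bytes"]

# Constructed sample (documentation addresses): 128 queries in one second whose
# source claims to be in 192.0.2.0/24, each drawing a 3000-byte answer to a
# 40-byte query, plus one ordinary lookup from another network.
SAMPLE = [(i / 128, f"192.0.2.{i % 4 + 1}", "big.example.test.", 40, 3000)
          for i in range(128)]
SAMPLE.append((0.5, "198.51.100.7", "www.example.test.", 45, 61))

if __name__ == "__main__":
    for net, s in replay(SAMPLE, ResponseRateLimiter()).items():
        print(net, s, round(amplification(s), 2))
```

On this sample the limiter answers 11 of the 128 burst queries, cutting the traffic reflected at the claimed source from 75 times the query volume to about 6.4 times, while the ordinary lookup is answered normally.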