They have got to be one of, if not the Worst, offenders for as long as I can recall. I've been seeing these almost every minute of every hour at all times of the day, for months now! Here are Just a FEW examples:

Description Packet sent from 77.72.82.72
Source DNS hostby.ups-gb.co.uk

Description Packet sent from 5.188.86.57
Source DNS hostby.channelnet.ie

The attacks come mostly from their 77 etc range of IPs, but as you can see, they have others. Whois lists them as a UK security company, as in, crowd control & CCTV etc. So why they need to be doing what they are is Very strange. Unless that's just a cover for "Other" types of "Business"? Or they have been infected & nobody there has realised? Anybody else see these in their FW Logs?
Ipvoid.com shows 77.72.82.72 with a 7/96 detection for their blacklists. Since that IP hosts a lot of URLs, assume a number of them are malicious.
@reasonablePrivacy Oh, I'm not worried about anything getting in LOL, as my FW is nicely blocking those, & All the others. I was only highlighting a persistent IP offender! Some people viewing might like to watch out for it/them.
This is the first log entry from the first device off the wire. Wireshark gives me the packets but the payload is encrypted. My IP has been targeted for some time now. I'm getting the feeling the attacker is local and using this UK location as a launching point. I wonder if I ask my ISP to swap out the WAN side with an IP from another block altogether if they'd do that...