takipcilordu.com | 1,549 hits in 60 minutes from 5 IPs

Interesting amount of traffic to one domain. I’ve been following a lot of increased semi-suspect traffic originating from Digital Ocean IP ranges.

1,549 hits
60 minutes
5 ips
Reported hacked in 2017 & 2018 by www.mirror-h.org | www.zone-h.org
Snip of requests;

165.227.137.157 – – [02/Nov/2018:19:06:19 -0500] “GET http://89.163.242.205/wctbgprrho HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:06:21 -0500] “GET http://89.163.242.205/bqukkyazyt HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:06:21 -0500] “GET http://89.163.242.205/attymmpyfu HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:06:29 -0500] “GET http://89.163.242.205/bmxuiryduj HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:06:30 -0500] “GET http://89.163.242.205/ywcoksjafu HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:06:35 -0500] “GET http://89.163.242.205/zzdzuakljm HTTP/1.1” 502 7322
165.227.137.157 – – [02/Nov/2018:19:06:38 -0500] “GET http://89.163.242.205/bmxuiryduj HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:06:40 -0500] “GET http://89.163.242.205/wctbgprrho HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:06:47 -0500] “GET http://89.163.242.205/zvrclfeprf HTTP/1.1” 200 10224
165.227.137.157 – – [02/Nov/2018:19:07:01 -0500] “GET http://89.163.242.205/ihelpnrdpn HTTP/1.1” 502 7322
165.227.137.157 – – [02/Nov/2018:19:07:01 -0500] “GET http://89.163.242.205/shlfadlqme HTTP/1.1” 200 10224

NetRange: 165.227.0.0 – 165.227.255.255
CIDR: 165.227.0.0/16
NetName: DIGITALOCEAN-19
NetHandle: NET-165-227-0-0-1
Parent: NET165 (NET-165-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2016-10-06
Updated: 2016-10-06
Ref: https://rdap.arin.net/registry/ip/165.227.0.0
;