About swozny

All,   We're trying to track down some weirdness being reported by our Panorama instance.  Every night around the same time we see some traffic from our central DNS server get sinkholed because it's a "Suspicious DNS Query".  We're working in parallel to identify the system originating these queries, but I was asked to see if anyone in the community recognized a pattern in these hosts and might know if there's a particular piece of malware or botnet we're potentially dealing with.   Any assistance or suggestions would be appreciated.   Thanks,   Scott   12/28/2021 21:57 amazvo.gqhormc.cn 12/28/2021 21:57 sudovenko.com 12/28/2021 21:57 cloudxsolutions.co.uk 12/28/2021 21:57 7585696986757.ru 12/28/2021 21:57 www.amazvo.gqhormc.cn 12/28/2021 21:57 novobrbnet.com.logins-longs.tk 12/28/2021 21:57 fiber10.iaasdns.com 12/28/2021 21:57 4eb8fb47d7.nxcli.net 12/28/2021 21:57 www.amazvo.gqhormc.cn 12/27/2021 21:57 diiscord-nitro.com 12/26/2021 21:57 161-35-66-173.plesk.page 12/26/2021 21:57 dfscord.com 12/26/2021 21:57 i-selfie.com 12/26/2021 21:57 marmardian.co.vu 12/25/2021 21:57 sleboncoin.000webhostapp.com 12/25/2021 21:57 facebvok.000webhostapp.com 12/25/2021 21:57 paintandgameingfunnny.000webhostapp.com 12/25/2021 21:57 stayhomecornerflash.000webhostapp.com 12/25/2021 21:57 www.smbcbc.com 12/25/2021 21:57 amazons.im45.com 12/24/2021 21:57 kurzezeit-sprka-infos-2022.xyz 12/24/2021 21:57 steamcommunlts.ru 12/24/2021 21:57 ruralaccounting.com.au 12/24/2021 21:57 secure6t-verifi.duckdns.org 12/24/2021 21:57 reg.chaindaohang.com 12/24/2021 21:57 reg.chaindaohang.com 12/23/2021 21:57 shelivesstore.com 12/23/2021 21:57 ruralaccounting.com.au 12/23/2021 21:57 lnterbanksunat.com 12/23/2021 21:57 dethrone.pe 12/23/2021 21:57 alertpayppusernotice.ru 12/23/2021 21:57 dethrone.pe 12/23/2021 21:57 amazon.co.jp.vjpjjeo.cn 12/22/2021 20:56 www.gisunit.com 12/22/2021 20:55 amazon.ottre.club 12/22/2021 20:55 reg.chaindaohang.com 12/22/2021 20:55 kzeit-sparka-2022.xyz 12/22/2021 20:55 www1.micard.co.jp.tingbnb.com 12/22/2021 20:55 walletconnectverifier.com 12/21/2021 20:56 web-exodus.ru 12/21/2021 20:56 www.paypal.ataier.com 12/21/2021 20:56 web-exodus.ru 12/21/2021 20:56 www.e.aoeosten.com 12/21/2021 20:56 web-exodus.ru 12/21/2021 20:56 discord-gifft.com 12/21/2021 20:56 claimitemffgratis77.duckdns.org 12/21/2021 20:56 jegexa8878.temp.swtest.ru 12/21/2021 20:56 identifiez-vous655.yolasite.com 12/21/2021 20:56 identifiez-vous654.yolasite.com 12/21/2021 20:56 tvenitlix.servehttp.com 12/21/2021 20:56 www.kddi-south.com 12/21/2021 20:55 donaldrsteele.com 12/21/2021 20:55 opro-abonnement.duckdns.org 12/20/2021 20:55 www.losingyourbelly.com 12/20/2021 20:55 superschool.bytesolutions.tk 12/20/2021 20:55 superschool.bytesolutions.tk 12/20/2021 20:55 https.appcompleto.dynv6.net 12/19/2021 21:57 apoioparaempresas.com 12/19/2021 21:57 martalunghabitats.co.vu 12/19/2021 21:57 efilingtaxes.net 12/19/2021 21:57 efilingtaxes.net 12/19/2021 21:57 negocios-e-financas.000webhostapp.com 12/19/2021 21:57 onlibanks.5k5.ru 12/19/2021 21:57 martalunghabitats.co.vu 12/18/2021 20:56 olx-pl.szybkiodbior-pieniadz.work 12/18/2021 20:55 walletconnectdapps.in 12/17/2021 20:56 a8hd0j5.cn 12/17/2021 20:56 no.bank-id.cc 12/17/2021 20:56 637900.selcdn.ru 12/17/2021 20:56 exondus-lokin.com 12/17/2021 20:56 no.bank-id.cc 12/17/2021 20:56 637900.selcdn.ru 12/17/2021 20:55 spin-garenafreefire.duckdns.org 12/17/2021 20:55 allstardeluxecarwash.com 12/16/2021 20:55 infocz2024.temp.swtest.ru 12/16/2021 20:55 municieneguillagobpe.000webhostapp.com 12/16/2021 20:55 www.matadormeteo.com 12/16/2021 20:55 pancakeswap-finence.com 12/16/2021 20:55 tizianocagalli.com 12/16/2021 20:55 infocz2024.temp.swtest.ru 12/16/2021 20:55 paypal-secured-verification.lhr.rocks 12/16/2021 20:55 resgatarpontos.000webhostapp.com 12/16/2021 20:55 paypal-online-2deposits-paymentaccept.tk 12/16/2021 20:55 aflacl.com 12/15/2021 20:55 giftboxsolutions.xyz 12/15/2021 20:55 irs-homepage.serveirc.com 12/15/2021 20:55 mericarir.mnjrw.com 12/15/2021 20:55 mericari.mihmh.com 12/15/2021 20:55 ascom.co.tz 12/14/2021 20:55 amazon.pingro.club 12/14/2021 20:55 irs-homepage.serveirc.com 12/14/2021 20:55 christianfisch489fwk5htsdv8dscek-9ad890.ingress-erytho.e 12/14/2021 20:55 tr.perlinks.xyz 12/14/2021 20:55 teiujmo61.000webhostapp.com 12/14/2021 20:55 r3c0v3r-w4rn1ngp4g3s.000webhostapp.com 12/13/2021 20:55 irs.us-eligible-aid-donations.com 12/13/2021 20:55 aflaci.com 12/12/2021 20:55 smbc-card.com.etlikes.com 12/11/2021 20:55 projet5859.000webhostapp.com 12/11/2021 20:55 summerdayzlawn.com 12/10/2021 20:55 darkzonesgaming.club 12/10/2021 20:55 www.user-authorizationxx3109.storz.ma 12/10/2021 20:55 protecpageidentityrecovery.ga 12/10/2021 20:55 cryptonewjob.com 12/10/2021 20:55 offertomix.com 12/10/2021 20:55 secureconnects.duckdns.org 12/10/2021 20:55 osa-academy.com 12/10/2021 20:55 secureconnects.duckdns.org 12/10/2021 20:55 telcom.pe 12/10/2021 20:55 www.user-authorizationxx3109.storz.ma 12/9/2021 20:55 web7080.web07.bero-webspace.de 12/9/2021 20:55 mytelstraw.temp.swtest.ru 12/9/2021 20:55 www.mo-menthealth.com 12/9/2021 20:55 event-gratis-efootball-pes2021.duckdns.org 12/8/2021 20:55 offertomix.com 12/7/2021 20:55 amoazan.cqxjlp.com 12/7/2021 20:55 eqsrwktdvp.duckdns.org 12/7/2021 20:55 reconfirmpageswarningidentityservice.co.vu 12/7/2021 20:55 www.vip-pemersatu.2waky.com 12/7/2021 20:55 www.n.accssen.com 12/7/2021 20:55 www.m.accssen.com 12/7/2021 20:55 offertomix.com 12/7/2021 20:55 nextcloud.overland.cl 12/7/2021 20:55 www.n.aooescn.com 12/7/2021 20:55 amoazan.cqxjlp.com 12/7/2021 20:55 rheincargo.co.in 12/7/2021 20:55 www.c.aooescn.com 12/7/2021 20:55 100000065497484541136-ar.tk 12/6/2021 20:55 elori71.woodworkingidea.net 12/6/2021 20:55 allkku.com 12/6/2021 20:55 www1.sdvccsg-dxh.xyz 12/6/2021 20:55 bokeptantenadia.duckdns.org 12/6/2021 20:55 www.wellsfargo.onlinesysconfirmation.com 12/6/2021 20:55 hido.co.za 12/6/2021 20:55 allkku.com 12/5/2021 20:55 my.ts3card.com.xflsq.com 12/4/2021 20:55 fasdgsdfg.tokyo 12/4/2021 20:55 amaroner.amaroner.xyz 12/4/2021 20:55 www.brooksoutlet.me 12/3/2021 20:55 www.ducommaquinarias.com 12/3/2021 20:55 orgullocentroamericano.com 12/2/2021 20:55 www.easyquickcatch.com 12/2/2021 20:55 613422.selcdn.ru 12/2/2021 20:55 piebc.cl 12/2/2021 10:16 gateway.smallcase.com 12/1/2021 20:56 my.orgoffres.xyz 12/1/2021 20:56 dri-ve-buil-der.xyz 12/1/2021 20:56 dri-ve-buil-der.xyz 12/1/2021 20:56 monbudri.xyz 12/1/2021 20:55 alibabatrading.jo 12/1/2021 20:55 dri-ve-buil-der.xyz 12/1/2021 20:55 auth.emailauthentication.xyz 11/30/2021 20:56 aleugen.xyz 11/30/2021 20:56 pasarbta.info 11/30/2021 20:56 africansecrets.ca 11/30/2021 20:55 aleugen.xyz 11/30/2021 20:55 africansecrets.ca 11/30/2021 20:55 www.secben.caconcmeoned.com 11/30/2021 20:55 www.sobson.caecasroed.com 11/30/2021 20:55 sync-opensea.co 11/30/2021 20:55 demo11.stagingwork.com 11/30/2021 20:55 www.carpetderatique.com 11/30/2021 20:55 registerdrive.xyz 11/30/2021 20:55 discorde-gift.com 11/30/2021 20:55 spk-kundendienstleistung.com 11/30/2021 20:55 steamcommunits.com 11/29/2021 20:56 official-bakeryswap.org 11/29/2021 20:56 monbudri.xyz 11/29/2021 20:56 centroasesorelias.com 11/29/2021 20:56 hatawagency.ir 11/29/2021 20:56 centroasesorelias.com 11/29/2021 20:56 wise.internationalonlineinfo.com 11/29/2021 20:56 610220.selcdn.ru 11/29/2021 20:56 sparkasse-kundenvertrag.com 11/29/2021 20:56 sparkasse-kundenofferte.com 11/29/2021 20:55 sparkasse-kundendienstonline.com 11/29/2021 20:55 lilmamasaccs.com 11/29/2021 20:55 grubnew2021.duckdns.org 11/28/2021 20:56 www.navmeetcargo.com 11/28/2021 20:56 www.shiftup-eigyousupport.com 11/28/2021 20:56 monbudri.xyz 11/28/2021 20:56 spk-kundenzugang.com 11/28/2021 20:56 idverify.globalautodoor.com 11/28/2021 20:56 www.cumis.cuteqip.net 11/28/2021 20:56 idverify.globalautodoor.com 11/28/2021 20:56 idverify.globalautodoor.com 11/28/2021 20:55 job-side.com 11/28/2021 20:55 topchiangrai.com 11/28/2021 20:55 post-ch-de.34224.info 11/28/2021 20:55 idverify.globalautodoor.com 11/28/2021 20:55 jlpfc.cn 11/28/2021 20:55 mykonnect.fr     ... View more