Observation of DNS Amplification Attack (babywow.co.uk)
babywow.co.uk has characteristic TXT records. NSs of babywow.co.uk are same as NSs of zaikapaika.com I observed before.
a.dns.gandi.net
b.dns.gandi.net, c.dns.gandi.net
$ dig babywow.co.uk any ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.8.1-P1 <<>> babywow.co.uk any ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17366 ;; flags: qr rd ra; QUERY: 1, ANSWER: 246, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;babywow.co.uk. IN ANY ;; ANSWER SECTION: babywow.co.uk. 10124 IN NS b.dns.gandi.net. babywow.co.uk. 10124 IN NS a.dns.gandi.net. babywow.co.uk. 10124 IN NS c.dns.gandi.net. babywow.co.uk. 10124 IN SOA a.dns.gandi.net. hostmaster.gandi.net. 1381033702 10800 3600 604800 10800 babywow.co.uk. 604124 IN A 204.46.43.157 babywow.co.uk. 604124 IN A 204.46.43.158 babywow.co.uk. 604124 IN A 204.46.43.159 babywow.co.uk. 604124 IN A 204.46.43.16 babywow.co.uk. 604124 IN A 204.46.43.160 babywow.co.uk. 604124 IN A 204.46.43.161 babywow.co.uk. 604124 IN A 204.46.43.162 babywow.co.uk. 604124 IN A 204.46.43.163 babywow.co.uk. 604124 IN A 204.46.43.164 babywow.co.uk. 604124 IN A 204.46.43.165 babywow.co.uk. 604124 IN A 204.46.43.166 babywow.co.uk. 604124 IN A 204.46.43.167 babywow.co.uk. 604124 IN A 204.46.43.168 babywow.co.uk. 604124 IN A 204.46.43.169 babywow.co.uk. 604124 IN A 204.46.43.17 babywow.co.uk. 604124 IN A 204.46.43.170 babywow.co.uk. 604124 IN A 204.46.43.171 babywow.co.uk. 604124 IN A 204.46.43.172 babywow.co.uk. 604124 IN A 204.46.43.173 babywow.co.uk. 604124 IN A 204.46.43.174 babywow.co.uk. 604124 IN A 204.46.43.175 babywow.co.uk. 604124 IN A 204.46.43.176 babywow.co.uk. 604124 IN A 204.46.43.177 babywow.co.uk. 604124 IN A 204.46.43.178 babywow.co.uk. 604124 IN A 204.46.43.179 babywow.co.uk. 604124 IN A 204.46.43.18 babywow.co.uk. 604124 IN A 204.46.43.180 babywow.co.uk. 604124 IN A 204.46.43.181 babywow.co.uk. 604124 IN A 204.46.43.182 babywow.co.uk. 604124 IN A 204.46.43.183 babywow.co.uk. 604124 IN A 204.46.43.184 babywow.co.uk. 604124 IN A 204.46.43.185 babywow.co.uk. 604124 IN A 204.46.43.186 babywow.co.uk. 604124 IN A 204.46.43.187 babywow.co.uk. 604124 IN A 204.46.43.188 babywow.co.uk. 604124 IN A 204.46.43.189 babywow.co.uk. 604124 IN A 204.46.43.19 babywow.co.uk. 604124 IN A 204.46.43.190 babywow.co.uk. 604124 IN A 204.46.43.191 babywow.co.uk. 604124 IN A 204.46.43.192 babywow.co.uk. 604124 IN A 204.46.43.193 babywow.co.uk. 604124 IN A 204.46.43.194 babywow.co.uk. 604124 IN A 204.46.43.195 babywow.co.uk. 604124 IN A 204.46.43.196 babywow.co.uk. 604124 IN A 204.46.43.197 babywow.co.uk. 604124 IN A 204.46.43.198 babywow.co.uk. 604124 IN A 204.46.43.199 babywow.co.uk. 604124 IN A 204.46.43.2 babywow.co.uk. 604124 IN A 204.46.43.20 babywow.co.uk. 604124 IN A 204.46.43.200 babywow.co.uk. 604124 IN A 204.46.43.201 babywow.co.uk. 604124 IN A 204.46.43.202 babywow.co.uk. 604124 IN A 204.46.43.203 babywow.co.uk. 604124 IN A 204.46.43.204 babywow.co.uk. 604124 IN A 204.46.43.205 babywow.co.uk. 604124 IN A 204.46.43.206 babywow.co.uk. 604124 IN A 204.46.43.207 babywow.co.uk. 604124 IN A 204.46.43.208 babywow.co.uk. 604124 IN A 204.46.43.209 babywow.co.uk. 604124 IN A 204.46.43.21 babywow.co.uk. 604124 IN A 204.46.43.210 babywow.co.uk. 604124 IN A 204.46.43.211 babywow.co.uk. 604124 IN A 204.46.43.212 babywow.co.uk. 604124 IN A 204.46.43.213 babywow.co.uk. 604124 IN A 204.46.43.214 babywow.co.uk. 604124 IN A 204.46.43.215 babywow.co.uk. 604124 IN A 204.46.43.216 babywow.co.uk. 604124 IN A 204.46.43.217 babywow.co.uk. 604124 IN A 204.46.43.218 babywow.co.uk. 604124 IN A 204.46.43.219 babywow.co.uk. 604124 IN A 204.46.43.22 babywow.co.uk. 604124 IN A 204.46.43.220 babywow.co.uk. 604124 IN A 204.46.43.221 babywow.co.uk. 604124 IN A 204.46.43.222 babywow.co.uk. 604124 IN A 204.46.43.223 babywow.co.uk. 604124 IN A 204.46.43.224 babywow.co.uk. 604124 IN A 204.46.43.225 babywow.co.uk. 604124 IN A 204.46.43.226 babywow.co.uk. 604124 IN A 204.46.43.227 babywow.co.uk. 604124 IN A 204.46.43.228 babywow.co.uk. 604124 IN A 204.46.43.229 babywow.co.uk. 604124 IN A 204.46.43.23 babywow.co.uk. 604124 IN A 204.46.43.230 babywow.co.uk. 604124 IN A 204.46.43.231 babywow.co.uk. 604124 IN A 204.46.43.232 babywow.co.uk. 604124 IN A 204.46.43.233 babywow.co.uk. 604124 IN A 204.46.43.234 babywow.co.uk. 604124 IN A 204.46.43.235 babywow.co.uk. 604124 IN A 204.46.43.236 babywow.co.uk. 604124 IN A 204.46.43.237 babywow.co.uk. 604124 IN A 204.46.43.238 babywow.co.uk. 604124 IN A 204.46.43.239 babywow.co.uk. 604124 IN A 204.46.43.24 babywow.co.uk. 604124 IN A 204.46.43.240 babywow.co.uk. 604124 IN A 204.46.43.25 babywow.co.uk. 604124 IN A 204.46.43.26 babywow.co.uk. 604124 IN A 204.46.43.27 babywow.co.uk. 604124 IN A 204.46.43.28 babywow.co.uk. 604124 IN A 204.46.43.29 babywow.co.uk. 604124 IN A 204.46.43.3 babywow.co.uk. 604124 IN A 204.46.43.30 babywow.co.uk. 604124 IN A 204.46.43.31 babywow.co.uk. 604124 IN A 204.46.43.32 babywow.co.uk. 604124 IN A 204.46.43.33 babywow.co.uk. 604124 IN A 204.46.43.34 babywow.co.uk. 604124 IN A 204.46.43.35 babywow.co.uk. 604124 IN A 204.46.43.36 babywow.co.uk. 604124 IN A 204.46.43.37 babywow.co.uk. 604124 IN A 204.46.43.38 babywow.co.uk. 604124 IN A 204.46.43.39 babywow.co.uk. 604124 IN A 204.46.43.4 babywow.co.uk. 604124 IN A 204.46.43.40 babywow.co.uk. 604124 IN A 204.46.43.41 babywow.co.uk. 604124 IN A 204.46.43.42 babywow.co.uk. 604124 IN A 204.46.43.43 babywow.co.uk. 604124 IN A 204.46.43.44 babywow.co.uk. 604124 IN A 204.46.43.45 babywow.co.uk. 604124 IN A 204.46.43.46 babywow.co.uk. 604124 IN A 204.46.43.47 babywow.co.uk. 604124 IN A 204.46.43.48 babywow.co.uk. 604124 IN A 204.46.43.49 babywow.co.uk. 604124 IN A 204.46.43.5 babywow.co.uk. 604124 IN A 204.46.43.50 babywow.co.uk. 604124 IN A 204.46.43.51 babywow.co.uk. 604124 IN A 204.46.43.52 babywow.co.uk. 604124 IN A 204.46.43.53 babywow.co.uk. 604124 IN A 204.46.43.54 babywow.co.uk. 604124 IN A 204.46.43.55 babywow.co.uk. 604124 IN A 204.46.43.56 babywow.co.uk. 604124 IN A 204.46.43.57 babywow.co.uk. 604124 IN A 204.46.43.58 babywow.co.uk. 604124 IN A 204.46.43.59 babywow.co.uk. 604124 IN A 204.46.43.6 babywow.co.uk. 604124 IN A 204.46.43.60 babywow.co.uk. 604124 IN A 204.46.43.61 babywow.co.uk. 604124 IN A 204.46.43.62 babywow.co.uk. 604124 IN A 204.46.43.63 babywow.co.uk. 604124 IN A 204.46.43.64 babywow.co.uk. 604124 IN A 204.46.43.65 babywow.co.uk. 604124 IN A 204.46.43.66 babywow.co.uk. 604124 IN A 204.46.43.67 babywow.co.uk. 604124 IN A 204.46.43.68 babywow.co.uk. 604124 IN A 204.46.43.69 babywow.co.uk. 604124 IN A 204.46.43.7 babywow.co.uk. 604124 IN A 204.46.43.70 babywow.co.uk. 604124 IN A 204.46.43.71 babywow.co.uk. 604124 IN A 204.46.43.72 babywow.co.uk. 604124 IN A 204.46.43.73 babywow.co.uk. 604124 IN A 204.46.43.74 babywow.co.uk. 604124 IN A 204.46.43.75 babywow.co.uk. 604124 IN A 204.46.43.76 babywow.co.uk. 604124 IN A 204.46.43.77 babywow.co.uk. 604124 IN A 204.46.43.78 babywow.co.uk. 604124 IN A 204.46.43.79 babywow.co.uk. 604124 IN A 204.46.43.8 babywow.co.uk. 604124 IN A 204.46.43.80 babywow.co.uk. 604124 IN A 204.46.43.81 babywow.co.uk. 604124 IN A 204.46.43.82 babywow.co.uk. 604124 IN A 204.46.43.83 babywow.co.uk. 604124 IN A 204.46.43.84 babywow.co.uk. 604124 IN A 204.46.43.85 babywow.co.uk. 604124 IN A 204.46.43.86 babywow.co.uk. 604124 IN A 204.46.43.87 babywow.co.uk. 604124 IN A 204.46.43.88 babywow.co.uk. 604124 IN A 204.46.43.89 babywow.co.uk. 604124 IN A 204.46.43.9 babywow.co.uk. 604124 IN A 204.46.43.90 babywow.co.uk. 604124 IN A 204.46.43.91 babywow.co.uk. 604124 IN A 204.46.43.92 babywow.co.uk. 604124 IN A 204.46.43.93 babywow.co.uk. 604124 IN A 204.46.43.94 babywow.co.uk. 604124 IN A 204.46.43.95 babywow.co.uk. 604124 IN A 204.46.43.96 babywow.co.uk. 604124 IN A 204.46.43.97 babywow.co.uk. 604124 IN A 204.46.43.98 babywow.co.uk. 604124 IN A 204.46.43.99 babywow.co.uk. 604124 IN A 204.46.43.1 babywow.co.uk. 604124 IN A 204.46.43.10 babywow.co.uk. 604124 IN A 204.46.43.100 babywow.co.uk. 604124 IN A 204.46.43.101 babywow.co.uk. 604124 IN A 204.46.43.102 babywow.co.uk. 604124 IN A 204.46.43.103 babywow.co.uk. 604124 IN A 204.46.43.104 babywow.co.uk. 604124 IN A 204.46.43.105 babywow.co.uk. 604124 IN A 204.46.43.106 babywow.co.uk. 604124 IN A 204.46.43.107 babywow.co.uk. 604124 IN A 204.46.43.108 babywow.co.uk. 604124 IN A 204.46.43.109 babywow.co.uk. 604124 IN A 204.46.43.11 babywow.co.uk. 604124 IN A 204.46.43.110 babywow.co.uk. 604124 IN A 204.46.43.111 babywow.co.uk. 604124 IN A 204.46.43.112 babywow.co.uk. 604124 IN A 204.46.43.113 babywow.co.uk. 604124 IN A 204.46.43.114 babywow.co.uk. 604124 IN A 204.46.43.115 babywow.co.uk. 604124 IN A 204.46.43.116 babywow.co.uk. 604124 IN A 204.46.43.117 babywow.co.uk. 604124 IN A 204.46.43.118 babywow.co.uk. 604124 IN A 204.46.43.119 babywow.co.uk. 604124 IN A 204.46.43.12 babywow.co.uk. 604124 IN A 204.46.43.120 babywow.co.uk. 604124 IN A 204.46.43.121 babywow.co.uk. 604124 IN A 204.46.43.122 babywow.co.uk. 604124 IN A 204.46.43.123 babywow.co.uk. 604124 IN A 204.46.43.124 babywow.co.uk. 604124 IN A 204.46.43.125 babywow.co.uk. 604124 IN A 204.46.43.126 babywow.co.uk. 604124 IN A 204.46.43.127 babywow.co.uk. 604124 IN A 204.46.43.128 babywow.co.uk. 604124 IN A 204.46.43.129 babywow.co.uk. 604124 IN A 204.46.43.13 babywow.co.uk. 604124 IN A 204.46.43.130 babywow.co.uk. 604124 IN A 204.46.43.131 babywow.co.uk. 604124 IN A 204.46.43.132 babywow.co.uk. 604124 IN A 204.46.43.133 babywow.co.uk. 604124 IN A 204.46.43.134 babywow.co.uk. 604124 IN A 204.46.43.135 babywow.co.uk. 604124 IN A 204.46.43.136 babywow.co.uk. 604124 IN A 204.46.43.137 babywow.co.uk. 604124 IN A 204.46.43.138 babywow.co.uk. 604124 IN A 204.46.43.139 babywow.co.uk. 604124 IN A 204.46.43.14 babywow.co.uk. 604124 IN A 204.46.43.140 babywow.co.uk. 604124 IN A 204.46.43.141 babywow.co.uk. 604124 IN A 204.46.43.142 babywow.co.uk. 604124 IN A 204.46.43.143 babywow.co.uk. 604124 IN A 204.46.43.144 babywow.co.uk. 604124 IN A 204.46.43.145 babywow.co.uk. 604124 IN A 204.46.43.146 babywow.co.uk. 604124 IN A 204.46.43.147 babywow.co.uk. 604124 IN A 204.46.43.148 babywow.co.uk. 604124 IN A 204.46.43.149 babywow.co.uk. 604124 IN A 204.46.43.15 babywow.co.uk. 604124 IN A 204.46.43.150 babywow.co.uk. 604124 IN A 204.46.43.151 babywow.co.uk. 604124 IN A 204.46.43.152 babywow.co.uk. 604124 IN A 204.46.43.153 babywow.co.uk. 604124 IN A 204.46.43.154 babywow.co.uk. 604124 IN A 204.46.43.155 babywow.co.uk. 604124 IN A 204.46.43.156 babywow.co.uk. 10124 IN TXT "OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA!2jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI" babywow.co.uk. 10124 IN TXT "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Oct 12 00:59:11 2013 ;; MSG SIZE rcvd: 4515
$ whois 173.246.97.2 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=173.246.97.2?showDetails=true&showARIN=false&ext=netref2 # NetRange: 173.246.96.0 - 173.246.111.255 CIDR: 173.246.96.0/20 OriginAS: AS29169 NetName: GANDI-NET-DC1-1 NetHandle: NET-173-246-96-0-1 Parent: NET-173-0-0-0-0 NetType: Direct Allocation Comment: http://www.gandi.net/ RegDate: 2010-06-18 Updated: 2012-02-24 Ref: http://whois.arin.net/rest/net/NET-173-246-96-0-1 OrgName: Gandi US Inc. OrgId: GANDI-2 Address: Gandi US Inc. Address: PO Box 32863 City: Baltimore StateProv: MD PostalCode: 21282 Country: US RegDate: 2010-05-20 Updated: 2010-06-24 Comment: Gandi is an ICANN accredited registrar and VPS/Cloud hosting provider with operations in France, UK, and the United States. Comment: http://www.gandi.net/ Ref: http://whois.arin.net/rest/org/GANDI-2 OrgTechHandle: VANDE4-ARIN OrgTechName: Vandervort, Leland OrgTechPhone: +33170393759 OrgTechEmail: leland@gandi.net OrgTechRef: http://whois.arin.net/rest/poc/VANDE4-ARIN OrgNOCHandle: GANDI1-ARIN OrgNOCName: Gandi NOC OrgNOCPhone: +33170393755 OrgNOCEmail: noc@gandi.net OrgNOCRef: http://whois.arin.net/rest/poc/GANDI1-ARIN OrgTechHandle: LEADM-ARIN OrgTechName: Leadmon, Howard OrgTechPhone: +1-410-515-5843 OrgTechEmail: howard@gandi.net OrgTechRef: http://whois.arin.net/rest/poc/LEADM-ARIN OrgAbuseHandle: GAD43-ARIN OrgAbuseName: Gandi Abuse Department OrgAbusePhone: +33 1 70 39 37 70 OrgAbuseEmail: abuse@gandi.net OrgAbuseRef: http://whois.arin.net/rest/poc/GAD43-ARIN RTechHandle: VANDE4-ARIN RTechName: Vandervort, Leland RTechPhone: +33170393759 RTechEmail: leland@gandi.net RTechRef: http://whois.arin.net/rest/poc/VANDE4-ARIN RNOCHandle: GANDI1-ARIN RNOCName: Gandi NOC RNOCPhone: +33170393755 RNOCEmail: noc@gandi.net RNOCRef: http://whois.arin.net/rest/poc/GANDI1-ARIN RAbuseHandle: GAD43-ARIN RAbuseName: Gandi Abuse Department RAbusePhone: +33 1 70 39 37 70 RAbuseEmail: abuse@gandi.net RAbuseRef: http://whois.arin.net/rest/poc/GAD43-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html #
$ whois 217.70.184.40 % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '217.70.184.0 - 217.70.184.255' % Abuse contact for '217.70.184.0 - 217.70.184.255' is 'abuse@gandi.net' inetnum: 217.70.184.0 - 217.70.184.255 netname: GANDIFR-NET4 descr: GANDI FRANCE L/B SERVICES country: FR admin-c: LV314-RIPE admin-c: PB10691-RIPE tech-c: GNO4-RIPE tech-c: NG183-RIPE mnt-by: GANDI-NOC mnt-lower: GANDI-NOC mnt-routes: GANDI-NOC status: ASSIGNED PA source: RIPE # Filtered role: Gandi Network Operations address: 63-65 Boulevard Massena address: 75013 Paris address: France phone: +33 1 70 39 37 55 admin-c: LV314-RIPE tech-c: LV314-RIPE nic-hdl: GNO4-RIPE remarks: Gandi SAS NOC Role remarks: Gandi is an ICANN accredited Registrar remarks: http://www.gandi.net/ remarks: - Network Issues: noc@gandi.net remarks: - Abuse/SPAM: abuse@gandi.net abuse-mailbox: abuse@gandi.net mnt-by: GANDI-NOC source: RIPE # Filtered role: NOC Gandi address: GANDI address: 63-65 Boulevard Massena address: 75013 Paris admin-c: LV314-RIPE tech-c: LV314-RIPE nic-hdl: NG183-RIPE mnt-by: GANDI-NOC remarks: ------------------------------------------------- remarks: GANDI is an ICANN accredited registrar remarks: for more information: remarks: Web: http://www.gandi.net remarks: ------------------------------------------------- remarks: - network troubles: ipnoc@gandi.net remarks: - SPAM complaints: abuse@gandi.net remarks: ------------------------------------------------- source: RIPE # Filtered person: Leland Vandervort address: Gandi SAS address: 63-65 Boulevard Massena address: 75013 Paris address: France phone: +33 1 70 39 37 55 nic-hdl: LV314-RIPE mnt-by: DISCPRO-MNT source: RIPE # Filtered person: Pascal Bouchareine address: Gandi SAS address: 63-65 Boulevard Massena address: 75013 Paris address: France phone: +33 1 70 39 37 55 nic-hdl: PB10691-RIPE mnt-by: GANDI-NOC source: RIPE # Filtered % Information related to '217.70.176.0/20AS29169' route: 217.70.176.0/20 descr: GANDI is an ICANN accredited registrar descr: for more information: descr: Web: http://www.gandi.net origin: AS29169 mnt-by: GANDI-NOC source: RIPE # Filtered % This query was served by the RIPE Database Query Service version 1.69 (WHOIS1)
