Observation of DNS Amplification Attack (36088.info)
NSes are same as NSes of aa.10781.info and 30259.info.
$ dig 36088.info any ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.8.1-P1 <<>> 36088.info any ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18286 ;; flags: qr rd ra; QUERY: 1, ANSWER: 259, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;36088.info. IN ANY ;; ANSWER SECTION: 36088.info. 5813 IN A 208.202.103.141 36088.info. 5813 IN A 208.202.103.142 36088.info. 5813 IN A 208.202.103.143 36088.info. 5813 IN A 208.202.103.144 36088.info. 5813 IN A 208.202.103.145 36088.info. 5813 IN A 208.202.103.146 36088.info. 5813 IN A 208.202.103.147 36088.info. 5813 IN A 208.202.103.148 36088.info. 5813 IN A 208.202.103.149 36088.info. 5813 IN A 208.202.103.150 36088.info. 5813 IN A 208.202.103.151 36088.info. 5813 IN A 208.202.103.152 36088.info. 5813 IN A 208.202.103.153 36088.info. 5813 IN A 208.202.103.154 36088.info. 5813 IN A 208.202.103.155 36088.info. 5813 IN A 208.202.103.156 36088.info. 5813 IN A 208.202.103.157 36088.info. 5813 IN A 208.202.103.158 36088.info. 5813 IN A 208.202.103.159 36088.info. 5813 IN A 208.202.103.160 36088.info. 5813 IN A 208.202.103.161 36088.info. 5813 IN A 208.202.103.162 36088.info. 5813 IN A 208.202.103.163 36088.info. 5813 IN A 208.202.103.164 36088.info. 5813 IN A 208.202.103.165 36088.info. 5813 IN A 208.202.103.166 36088.info. 5813 IN A 208.202.103.167 36088.info. 5813 IN A 208.202.103.168 36088.info. 5813 IN A 208.202.103.169 36088.info. 5813 IN A 208.202.103.170 36088.info. 5813 IN A 208.202.103.171 36088.info. 5813 IN A 208.202.103.172 36088.info. 5813 IN A 208.202.103.173 36088.info. 5813 IN A 208.202.103.174 36088.info. 5813 IN A 208.202.103.175 36088.info. 5813 IN A 208.202.103.176 36088.info. 5813 IN A 208.202.103.177 36088.info. 5813 IN A 208.202.103.178 36088.info. 5813 IN A 208.202.103.179 36088.info. 5813 IN A 208.202.103.180 36088.info. 5813 IN A 208.202.103.181 36088.info. 5813 IN A 208.202.103.182 36088.info. 5813 IN A 208.202.103.183 36088.info. 5813 IN A 208.202.103.184 36088.info. 5813 IN A 208.202.103.185 36088.info. 5813 IN A 208.202.103.186 36088.info. 5813 IN A 208.202.103.187 36088.info. 5813 IN A 208.202.103.188 36088.info. 5813 IN A 208.202.103.189 36088.info. 5813 IN A 208.202.103.190 36088.info. 5813 IN A 208.202.103.191 36088.info. 5813 IN A 208.202.103.192 36088.info. 5813 IN A 208.202.103.193 36088.info. 5813 IN A 208.202.103.194 36088.info. 5813 IN A 208.202.103.195 36088.info. 5813 IN A 208.202.103.196 36088.info. 5813 IN A 208.202.103.197 36088.info. 5813 IN A 208.202.103.198 36088.info. 5813 IN A 208.202.103.199 36088.info. 5813 IN A 208.202.103.200 36088.info. 5813 IN A 208.202.102.100 36088.info. 5813 IN A 208.202.102.101 36088.info. 5813 IN A 208.202.102.102 36088.info. 5813 IN A 208.202.102.103 36088.info. 5813 IN A 208.202.102.104 36088.info. 5813 IN A 208.202.102.105 36088.info. 5813 IN A 208.202.102.106 36088.info. 5813 IN A 208.202.102.107 36088.info. 5813 IN A 208.202.102.108 36088.info. 5813 IN A 208.202.102.109 36088.info. 5813 IN A 208.202.102.110 36088.info. 5813 IN A 208.202.102.111 36088.info. 5813 IN A 208.202.102.112 36088.info. 5813 IN A 208.202.102.113 36088.info. 5813 IN A 208.202.102.114 36088.info. 5813 IN A 208.202.102.115 36088.info. 5813 IN A 208.202.102.116 36088.info. 5813 IN A 208.202.102.117 36088.info. 5813 IN A 208.202.102.118 36088.info. 5813 IN A 208.202.102.119 36088.info. 5813 IN A 208.202.102.120 36088.info. 5813 IN A 208.202.102.121 36088.info. 5813 IN A 208.202.102.122 36088.info. 5813 IN A 208.202.102.123 36088.info. 5813 IN A 208.202.102.124 36088.info. 5813 IN A 208.202.102.125 36088.info. 5813 IN A 208.202.102.126 36088.info. 5813 IN A 208.202.102.127 36088.info. 5813 IN A 208.202.102.128 36088.info. 5813 IN A 208.202.102.129 36088.info. 5813 IN A 208.202.102.130 36088.info. 5813 IN A 208.202.102.131 36088.info. 5813 IN A 208.202.102.132 36088.info. 5813 IN A 208.202.102.133 36088.info. 5813 IN A 208.202.102.134 36088.info. 5813 IN A 208.202.102.135 36088.info. 5813 IN A 208.202.102.136 36088.info. 5813 IN A 208.202.102.137 36088.info. 5813 IN A 208.202.102.138 36088.info. 5813 IN A 208.202.102.139 36088.info. 5813 IN A 208.202.102.140 36088.info. 5813 IN A 208.202.102.141 36088.info. 5813 IN A 208.202.102.142 36088.info. 5813 IN A 208.202.102.143 36088.info. 5813 IN A 208.202.102.144 36088.info. 5813 IN A 208.202.102.145 36088.info. 5813 IN A 208.202.102.146 36088.info. 5813 IN A 208.202.102.147 36088.info. 5813 IN A 208.202.102.148 36088.info. 5813 IN A 208.202.102.149 36088.info. 5813 IN A 208.202.102.150 36088.info. 5813 IN A 208.202.102.151 36088.info. 5813 IN A 208.202.102.152 36088.info. 5813 IN A 208.202.102.153 36088.info. 5813 IN A 208.202.102.154 36088.info. 5813 IN A 208.202.102.155 36088.info. 5813 IN A 208.202.102.156 36088.info. 5813 IN A 208.202.102.157 36088.info. 5813 IN A 208.202.102.158 36088.info. 5813 IN A 208.202.102.159 36088.info. 5813 IN A 208.202.102.160 36088.info. 5813 IN A 208.202.102.161 36088.info. 5813 IN A 208.202.102.162 36088.info. 5813 IN A 208.202.102.163 36088.info. 5813 IN A 208.202.102.164 36088.info. 5813 IN A 208.202.102.165 36088.info. 5813 IN A 208.202.102.166 36088.info. 5813 IN A 208.202.102.167 36088.info. 5813 IN A 208.202.102.168 36088.info. 5813 IN A 208.202.102.169 36088.info. 5813 IN A 208.202.102.170 36088.info. 5813 IN A 208.202.102.171 36088.info. 5813 IN A 208.202.102.172 36088.info. 5813 IN A 208.202.102.173 36088.info. 5813 IN A 208.202.102.174 36088.info. 5813 IN A 208.202.102.175 36088.info. 5813 IN A 208.202.102.176 36088.info. 5813 IN A 208.202.102.177 36088.info. 5813 IN A 208.202.102.178 36088.info. 5813 IN A 208.202.102.179 36088.info. 5813 IN A 208.202.102.180 36088.info. 5813 IN A 208.202.102.181 36088.info. 5813 IN A 208.202.102.182 36088.info. 5813 IN A 208.202.102.183 36088.info. 5813 IN A 208.202.102.184 36088.info. 5813 IN A 208.202.102.185 36088.info. 5813 IN A 208.202.102.186 36088.info. 5813 IN A 208.202.102.187 36088.info. 5813 IN A 208.202.102.188 36088.info. 5813 IN A 208.202.102.189 36088.info. 5813 IN A 208.202.102.190 36088.info. 5813 IN A 208.202.102.191 36088.info. 5813 IN A 208.202.102.192 36088.info. 5813 IN A 208.202.102.193 36088.info. 5813 IN A 208.202.102.194 36088.info. 5813 IN A 208.202.102.195 36088.info. 5813 IN A 208.202.102.196 36088.info. 5813 IN A 208.202.102.197 36088.info. 5813 IN A 208.202.102.198 36088.info. 5813 IN A 208.202.102.199 36088.info. 5813 IN A 208.202.102.200 36088.info. 5813 IN A 208.202.102.201 36088.info. 5813 IN A 208.202.102.202 36088.info. 5813 IN A 208.202.102.203 36088.info. 5813 IN A 208.202.102.204 36088.info. 5813 IN A 208.202.102.205 36088.info. 5813 IN A 208.202.102.206 36088.info. 5813 IN A 208.202.102.207 36088.info. 5813 IN A 208.202.102.208 36088.info. 5813 IN A 208.202.102.209 36088.info. 5813 IN A 208.202.102.210 36088.info. 5813 IN A 208.202.102.211 36088.info. 5813 IN A 208.202.102.212 36088.info. 5813 IN A 208.202.102.213 36088.info. 5813 IN A 208.202.102.214 36088.info. 5813 IN A 208.202.102.215 36088.info. 5813 IN A 208.202.102.216 36088.info. 5813 IN A 208.202.102.217 36088.info. 5813 IN A 208.202.102.218 36088.info. 5813 IN A 208.202.102.219 36088.info. 5813 IN A 208.202.102.220 36088.info. 5813 IN A 208.202.102.221 36088.info. 5813 IN A 208.202.102.222 36088.info. 5813 IN A 208.202.102.223 36088.info. 5813 IN A 208.202.102.224 36088.info. 5813 IN A 208.202.102.225 36088.info. 5813 IN A 208.202.102.226 36088.info. 5813 IN A 208.202.102.227 36088.info. 5813 IN A 208.202.102.228 36088.info. 5813 IN A 208.202.102.229 36088.info. 5813 IN A 208.202.102.230 36088.info. 5813 IN A 208.202.102.231 36088.info. 5813 IN A 208.202.102.232 36088.info. 5813 IN A 208.202.102.233 36088.info. 5813 IN A 208.202.102.234 36088.info. 5813 IN A 208.202.102.235 36088.info. 5813 IN A 208.202.102.236 36088.info. 5813 IN A 208.202.102.237 36088.info. 5813 IN A 208.202.102.238 36088.info. 5813 IN A 208.202.102.239 36088.info. 5813 IN A 208.202.102.240 36088.info. 5813 IN A 208.202.102.241 36088.info. 5813 IN A 208.202.102.242 36088.info. 5813 IN A 208.202.102.243 36088.info. 5813 IN A 208.202.102.244 36088.info. 5813 IN A 208.202.102.245 36088.info. 5813 IN A 208.202.102.246 36088.info. 5813 IN A 208.202.102.247 36088.info. 5813 IN A 208.202.102.248 36088.info. 5813 IN A 208.202.102.249 36088.info. 5813 IN A 208.202.102.250 36088.info. 5813 IN A 208.202.102.251 36088.info. 5813 IN A 208.202.102.252 36088.info. 5813 IN A 208.202.102.253 36088.info. 5813 IN A 208.202.102.254 36088.info. 5813 IN A 208.202.103.100 36088.info. 5813 IN A 208.202.103.101 36088.info. 5813 IN A 208.202.103.102 36088.info. 5813 IN A 208.202.103.103 36088.info. 5813 IN A 208.202.103.104 36088.info. 5813 IN A 208.202.103.105 36088.info. 5813 IN A 208.202.103.106 36088.info. 5813 IN A 208.202.103.107 36088.info. 5813 IN A 208.202.103.108 36088.info. 5813 IN A 208.202.103.109 36088.info. 5813 IN A 208.202.103.110 36088.info. 5813 IN A 208.202.103.111 36088.info. 5813 IN A 208.202.103.112 36088.info. 5813 IN A 208.202.103.113 36088.info. 5813 IN A 208.202.103.114 36088.info. 5813 IN A 208.202.103.115 36088.info. 5813 IN A 208.202.103.116 36088.info. 5813 IN A 208.202.103.117 36088.info. 5813 IN A 208.202.103.118 36088.info. 5813 IN A 208.202.103.119 36088.info. 5813 IN A 208.202.103.120 36088.info. 5813 IN A 208.202.103.121 36088.info. 5813 IN A 208.202.103.122 36088.info. 5813 IN A 208.202.103.123 36088.info. 5813 IN A 208.202.103.124 36088.info. 5813 IN A 208.202.103.125 36088.info. 5813 IN A 208.202.103.126 36088.info. 5813 IN A 208.202.103.127 36088.info. 5813 IN A 208.202.103.128 36088.info. 5813 IN A 208.202.103.129 36088.info. 5813 IN A 208.202.103.130 36088.info. 5813 IN A 208.202.103.131 36088.info. 5813 IN A 208.202.103.132 36088.info. 5813 IN A 208.202.103.133 36088.info. 5813 IN A 208.202.103.134 36088.info. 5813 IN A 208.202.103.135 36088.info. 5813 IN A 208.202.103.136 36088.info. 5813 IN A 208.202.103.137 36088.info. 5813 IN A 208.202.103.138 36088.info. 5813 IN A 208.202.103.139 36088.info. 5813 IN A 208.202.103.140 36088.info. 7013 IN SOA ns1.sdfre.info. root.ns1.36088.info. 20091027 28800 600 604800 86400 36088.info. 7012 IN NS ns2.sdfre.info. 36088.info. 7012 IN NS ns1.sdfre.info. ;; Query time: 12 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Oct 14 16:09:27 2013 ;; MSG SIZE rcvd: 4211
$ dig ns1.sdfre.info ; <<>> DiG 9.8.1-P1 <<>> ns1.sdfre.info ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38241 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 3 ;; QUESTION SECTION: ;ns1.sdfre.info. IN A ;; ANSWER SECTION: ns1.sdfre.info. 371 IN A 64.62.186.77 ns1.sdfre.info. 371 IN A 162.212.182.163 ns1.sdfre.info. 371 IN A 162.212.182.165 ;; AUTHORITY SECTION: sdfre.info. 6971 IN NS ns2.sdfre.info. sdfre.info. 6971 IN NS ns1.sdfre.info. ;; ADDITIONAL SECTION: ns2.sdfre.info. 371 IN A 162.212.182.165 ns2.sdfre.info. 371 IN A 64.62.186.77 ns2.sdfre.info. 371 IN A 162.212.182.163 ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Oct 14 16:14:18 2013 ;; MSG SIZE rcvd: 160
$ whois 64.62.186.77 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=64.62.186.77?showDetails=true&showARIN=false&ext=netref2 # # start NetRange: 64.62.128.0 - 64.62.255.255 CIDR: 64.62.128.0/17 OriginAS: AS6939 NetName: HURRICANE-4 NetHandle: NET-64-62-128-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2002-08-27 Updated: 2012-02-24 Ref: http://whois.arin.net/rest/net/NET-64-62-128-0-1 OrgName: Hurricane Electric, Inc. OrgId: HURC Address: 760 Mission Court City: Fremont StateProv: CA PostalCode: 94539 Country: US RegDate: Updated: 2011-04-13 Ref: http://whois.arin.net/rest/org/HURC ReferralServer: rwhois://rwhois.he.net:4321 OrgAbuseHandle: ABUSE1036-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-510-580-4100 OrgAbuseEmail: abuse@he.net OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE1036-ARIN OrgTechHandle: ZH17-ARIN OrgTechName: Hurricane Electric OrgTechPhone: +1-510-580-4100 OrgTechEmail: hostmaster@he.net OrgTechRef: http://whois.arin.net/rest/poc/ZH17-ARIN RTechHandle: ZH17-ARIN RTechName: Hurricane Electric RTechPhone: +1-510-580-4100 RTechEmail: hostmaster@he.net RTechRef: http://whois.arin.net/rest/poc/ZH17-ARIN RAbuseHandle: ABUSE1036-ARIN RAbuseName: Abuse Department RAbusePhone: +1-510-580-4100 RAbuseEmail: abuse@he.net RAbuseRef: http://whois.arin.net/rest/poc/ABUSE1036-ARIN RNOCHandle: ZH17-ARIN RNOCName: Hurricane Electric RNOCPhone: +1-510-580-4100 RNOCEmail: hostmaster@he.net RNOCRef: http://whois.arin.net/rest/poc/ZH17-ARIN # end # start NetRange: 64.62.186.0 - 64.62.186.255 CIDR: 64.62.186.0/24 OriginAS: AS62466 NetName: CLEARDDOS-DC1002-403EBA00 NetHandle: NET-64-62-186-0-1 Parent: NET-64-62-128-0-1 NetType: Reallocated Comment: www.clear-ddos.com RegDate: 2013-08-13 Updated: 2013-08-18 Ref: http://whois.arin.net/rest/net/NET-64-62-186-0-1 OrgName: ClearDDoS Technologies OrgId: GFSL-6 Address: 215-5625 Senlac Street City: Vancouver StateProv: BC PostalCode: V5R-6G8 Country: CA RegDate: 2012-10-12 Updated: 2013-09-09 Comment: www.clear-ddos.com Ref: http://whois.arin.net/rest/org/GFSL-6 OrgTechHandle: DAIDE-ARIN OrgTechName: Dai, Dennis OrgTechPhone: +1-604-639-7533 OrgTechEmail: support@clear-ddos.com OrgTechRef: http://whois.arin.net/rest/poc/DAIDE-ARIN OrgAbuseHandle: DAIDE-ARIN OrgAbuseName: Dai, Dennis OrgAbusePhone: +1-604-639-7533 OrgAbuseEmail: support@clear-ddos.com OrgAbuseRef: http://whois.arin.net/rest/poc/DAIDE-ARIN OrgNOCHandle: DAIDE-ARIN OrgNOCName: Dai, Dennis OrgNOCPhone: +1-604-639-7533 OrgNOCEmail: support@clear-ddos.com OrgNOCRef: http://whois.arin.net/rest/poc/DAIDE-ARIN # end # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # rwhois.he.net:4321 への照会をみつけました %rwhois V-1.5:0012b7:01 ops.he.net (HE-RWHOISd v:r255,m1:r319) network:ID;I:NET-64.62.186.0/24 network:Auth-Area:nets network:Class-Name:network network:Network-Name;I:NET-64.62.186.0/24 network:Parent;I:NET-64.62.128.0/17 network:IP-Network:64.62.186.0/24 network:Org-Contact;I:POC-DC-1002 network:Tech-Contact;I:POC-HE-NOC network:Abuse-Contact;I:POC-HE-ABUSE network:NOC-Contact;I:POC-HE-NOC network:Created:20130807203009000 network:Updated:20130807203009000 contact:ID;I:POC-DC-1002 contact:Auth-Area:contacts contact:Class-Name:contact contact:Name:Guoqiang Dai contact:Company:Clear DDoS contact:Street-Address:215-5625 Senlac St. contact:City:Vancouver contact:Province:BC contact:Postal-Code:V5R-6G8 contact:Country-Code:CA contact:Phone:604-639-7533 contact:E-Mail:ddai@ddai.net contact:Created:20130807163002000 contact:Updated:20130807163002000 contact:ID;I:POC-HE-NOC contact:Auth-Area:contacts contact:Class-Name:contact contact:Name:Network Operations Center contact:Company:Hurricane Electric contact:Street-Address:760 Mission Ct contact:City:Fremont contact:Province:CA contact:Postal-Code:94539 contact:Country-Code:US contact:Phone:+1-510-580-4100 contact:E-Mail:noc@he.net contact:Created:20100901200738000 contact:Updated:20100901200738000 contact:ID;I:POC-HE-ABUSE contact:Auth-Area:contacts contact:Class-Name:contact contact:Name:Abuse Department contact:Company:Hurricane Electric contact:Street-Address:760 Mission Ct contact:City:Fremont contact:Province:CA contact:Postal-Code:94539 contact:Country-Code:US contact:Phone:+1-510-580-4100 contact:E-Mail:abuse@he.net contact:Created:20100901200738000 contact:Updated:20100901200738000 contact:Comment:For email abuse (spam) only
$ whois 162.212.182.163 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=162.212.182.163?showDetails=true&showARIN=false&ext=netref2 # NetRange: 162.212.180.0 - 162.212.183.255 CIDR: 162.212.180.0/22 OriginAS: AS26484 NetName: HOSTSPACE NetHandle: NET-162-212-180-0-1 Parent: NET-162-0-0-0-0 NetType: Direct Allocation RegDate: 2013-05-22 Updated: 2013-05-22 Ref: http://whois.arin.net/rest/net/NET-162-212-180-0-1 OrgName: HOSTSPACE NETWORKS LLC OrgId: HNL-17 Address: 1788 SIERRA LEONE AVE #108-100 City: ROWLAND HEIGHTS StateProv: CA PostalCode: 91748 Country: US RegDate: 2012-09-24 Updated: 2013-05-23 Ref: http://whois.arin.net/rest/org/HNL-17 OrgTechHandle: ZHOUM4-ARIN OrgTechName: Zhou, Mike OrgTechPhone: +1-626-248-6372 OrgTechEmail: admin@hostspaces.net OrgTechRef: http://whois.arin.net/rest/poc/ZHOUM4-ARIN OrgAbuseHandle: ZHOUM4-ARIN OrgAbuseName: Zhou, Mike OrgAbusePhone: +1-626-248-6372 OrgAbuseEmail: admin@hostspaces.net OrgAbuseRef: http://whois.arin.net/rest/poc/ZHOUM4-ARIN OrgNOCHandle: ZHOUM4-ARIN OrgNOCName: Zhou, Mike OrgNOCPhone: +1-626-248-6372 OrgNOCEmail: admin@hostspaces.net OrgNOCRef: http://whois.arin.net/rest/poc/ZHOUM4-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html #